Friday, July 26, 2019
Is a college education worth it Pro thesis paper - 1
Is a college education worth it Pro paper - Thesis Example ses required for gaining sufficient educational background, benefits of college education beat financial difficulties that should be overcome in order to profit. College education allows making life more comfortable, successful and prosperous, which is explained by the directly proportional correlation between the time and trouble taken and further well-being. As proof, comparing people who start working at once after school graduation with those who spend an additional four years gaining qualifications, Baum, Ma and Payea investigated the following: "As workers age, earnings rise more rapidly for those with higher levels of education. For example, the gap between the earnings of full-time workers whose highest degree is bachelor's degree and those of high school graduates grows from 54% ($15,200) for 25- to 29-year-olds to 86% ($32,000) for 45- to 49-year-olds" (5). Entering a college, students obtain the skills and abilities required in the area chosen for their future professions, which makes them more appealing to employers and more competitive in comparison with those who missed college education. Besides the qualification itself, students learn to do research, to work on improving the basics they are offered, to challenge common beliefs, and to apply their knowledge to real life. Even though someone may object that there is also such a thing as self-education, which does not suppose officially being a student in some college, unfortunately, statistics can prove that self-study leads to success only in exceptional cases. When deciding on the necessity of entering college, it is not enough to be ruled by self-interest, because for anyone willing to live in a better society, it is everyone's obligation to make a contribution to that.
According to the research of Baum and Payea, "in addition to increasing material standards of living, reduced poverty improves the overall well-being of the population. … In
Thursday, July 25, 2019
Functional Analysis of Capsim Business Simulation Essay
Functional Analysis of Capsim Business Simulation - Essay Example In addition, the paper analyses how each of the functional units integrates and interacts with the other functional units. Finally, the paper provides my recommendations for a business leader managing a $40 million manufacturing business. The simulation provides a rare chance to experience managing a full business, while the reports it produces help show the correlations between business outcomes and management decisions (Forgang, 2004). The units of the simulation include production, marketing, finance, research & development (R&D), human resources and total quality management (TQM) (Bossche, Gijselaer & Milter, 2011). Production involves the behaviors that firms exhibit in the marketplace in regard to the creation of goods and services. This is mainly done for the purpose of satisfying their consumers' wants (Dusseau & Wilson, 2010). The production managers in a business should understand the relationships that exist between the business's inventory levels and their carrying costs along with their market shares (Dusseau & Wilson, 2010). They should also understand the relationship between their production capacities and the number of excess hours that their employees have to work to achieve their goals (Sitomer, 2010). This is because a business may end up incurring losses in its operations when the expense of the overtime hours worked and the cost of this labor exceed its earnings (Clawson & Haskins, 2006). The production managers in a business will be responsible for producing beneficial results through their efforts to automate the production processes and increase manufacturing capacity (Forgang, 2004).
Marketing, in a manufacturing environment, refers to the processes through which businesses create value for their customers while at the same time building strong relationships with them (Wankel, Arthur & Stoner, 2009). It also involves creating solutions and relationships that will be of either long- or short-term benefit to the business (Dusseau & Wilson, 2010). The marketing manager in a business will be responsible for understanding the relationship that exists between margins on prices along with contributions, and prices along with demand (Forgang, 2004). They will also be responsible for understanding the relationship between the promotion budget and increasing awareness of the business's products. The marketing manager and his team should be charged with the task of establishing the business's sales budget and accessibility to these funds (Sitomer, 2010). The marketing department in a business may be affected by the new products that are being launched by the research & development department, since they had not been accounted for in its operations and are unknown in the market (Wankel, Arthur & Stoner, 2009). The activities of these departments can also be affected by a business's production capacity along with the costs it incurs in its operations (Dusseau & Wilson, 2010). Finances in a business are used as measures for ascertaining whether a business is making profits on its investments or not. Finances in a business are mainly affected by their time values, since they change on a day-to-day basis (Sitomer, 2010). Businesses allocate their money and assets to certain uses but under conditions of uncertainty or certainty (Bossche, Gijselaer
Wednesday, July 24, 2019
The body as artistic and cultural expression Research Paper
The body as artistic and cultural expression - Research Paper Example From extreme examples like punk to being selective in the colour or design of the dress one wears, body art has supposedly normal and not so normal manifestations. Shildkrout (2001), in the article Body Art as Visual Language, has revealed the primal impulse behind the use of the body as an artistic and cultural expression: "if the impulse to create art is one of the defining signs of humanity, the body may well have been the first canvas" (pp.1). Body painting, make up, body shaping, hair styling, scarification, tattooing, piercing, and dressing up in clothes constitute the expansive genre of body art. The functional aspect of body art has been described as supporting "to rebel, to follow fashion, or to play and experiment with new identities" (Shildkrout, 2001, pp.2). Apart from this functional aspect, the use of the body as a starting point in artistic expression has gone rather unexplored. This essay envisages finding out the connection between body art and artistic expression and presupposes that the rebellion aspect of body art inspires artistic expression while the tradition aspect blocks it. If we consider each kind of body art separately, it can be seen that different meanings are associated with different kinds of body art. For example, body painting can enhance beauty, impart a divine countenance, provide protection, masquerade and establish a group identity. Similarly, make up has the function of increasing visual appeal, providing a false identity or concealing the original one, as well as establishing authority and status. Hair styling can also enhance beauty appeal, establish a group identity or visualize rebellion. Body shaping ranges from the primitive practice of skull shaping to modern plastic surgery, all of which again have multiple functionalities. Scarification, tattooing and piercing have more to do with group identity and rebellion.
But there are also less visible uses of body art, like the use of piercing as a religious ritual and the use of make up to convey codified meaning, as in Kabuki theatre (Shildkrout, 2001, pp.2-4). Body art has a great many things to do with our everyday lives, and it is this aspect that brightens up the narrative of Meeta Kaur in her autobiographical essay, Journey By Inner Light (2006). Here, the basic emotions associated with body art are discussed, which is after all about being happy and content with one's own self. Kaur (2006) has started her essay by describing the beauty of her mother's hair, the good care that her mother gives it and the passing over of this tradition to herself (pp.39). This is a clear example of how artistic expression is evident in our everyday lives. As the narrative progresses, the reader becomes aware of the cultural identity that is associated with long hair, for Kaur's mother and herself (2006, pp.40). As Kaur's is a migrant family from India to America, she believes that her mother's long hair is "an allegiance to a homeland" (2006, pp.40). Kaur (2006) also has remarked that her mother's hair "is a light that provides a sense of place and home between any borders, on any soil, whether she is in India, America, or any other country" (pp.40). It can be seen that in this instance, body art as simple as keeping one's hair long has a meaning that is deep-rooted in tradition. The second encounter of Kaur (2006) with body art is when she goes back to India and, in a comic book, sees the picture of "the ninth Sikh Guru, Tegh Bahadur, […] (in) a navy blue turban and a golden robe and […] (having) a long silky beard" talking about religious freedom (pp.41). This visual also reminds us how body art can impart great status to a person's appearance. The "
Industrial Revolution Essay Example | Topics and Well Written Essays - 750 words - 3
Industrial Revolution - Essay Example The Industrial Revolution occurred between 1750 and 1850. It is considered to be the most significant event in human history after the domestication of animals and plants. The Industrial Revolution started in England and spread all over the globe, changing the lives of many people. In 1784, the innovation of the steam engine was one of the many technologies which brought about the Industrial Revolution. The efficiency and power of the Industrial Revolution lifted the modest workshop industries to high-speed factories. One of its key achievements was the impact it had on the iron industry. From the Middle Ages until the 17th century, the iron industry used trial-and-error methods. Wood was mainly used as combustible fuel. However, in the 18th century, wood was replaced with coal as a combustible fuel for producing wrought and cast iron (Esler & Elis, 2007). The use of furnaces, which consisted of two separate compartments, further refined the process of iron production. In the field of metallurgy, the use of furnaces enhanced the production of wrought iron. This iron was considered to be the best quality for use in machinery and construction. Further industrial growth brought the emergence of steel, which was a major breakthrough. It was the first metal used to construct roads, bridges, canals, and railroads in France and England before spreading to the rest of Europe. The other advantage of the Industrial Revolution was the introduction of faster modes of transport, which facilitated the movement of goods and people. In addition, it led to the emergence of a new era of commercial activities which strengthened the economy (Esler & Elis, 2007). However, the Industrial Revolution had a profound impact on the conditions of human beings, especially workers in urban areas. The shift from agrarian occupation to industry led to a dramatic increase in urban population. High population increased the spread of diseases, while crime and filth became the dominating themes of city life. The working
Tuesday, July 23, 2019
The subject is leadership and the research about bill clinton, USA Paper
The subject is leadership and the about bill clinton, USA president - Research Paper Example These examples are real and they exist in the chronicles of history so that people who come later can learn from the mistakes and not repeat them. The analysis of these various leaders leads one to contemplate what it is that makes a leader. This discussion will cover the attributes of a good leader that are deemed essential, keeping in view the examples of the leaders in history. As a template, the leadership of Bill Clinton will be juxtaposed with the ideals of leadership to determine whether the charismatic and famous personality of Clinton does equally well on the scale of leadership. The first and most primary quality that a leader must possess, and one that has been an evident part of Bill Clinton's personality, is self-confidence. Mr. Clinton, in his regime, made all sorts of judgments, good and bad. What one sees as a consistent feature of his leadership is sheer confidence in his own self and actions. His speech, his gestures, and his facial expressions, everything about him gave off an aura of confidence and self-trust. With the composed and confident look on his face, Clinton had been successful in convincing the masses and his trustees to see his perspective. If confidence were all that it takes to be an effective leader, then Bill is surely one (Levin, 183). Secondly, a leader should be humble. No one likes, and therefore follows, a snob. Effective leadership springs from the very denial of one's own skill set and the appreciation of the followers. The charisma thus produced instigates not only a rush of positivity amongst the followers but also a motivation to prove their worth and re-confirm their leader's opinion of their capabilities. Thus, with a little modesty and humility, a good leader inspires a multitude of souls to achieve their goals and, consequently, his own visions. Bill Clinton fits these criteria of effective leadership quite well.
His humility is most appreciated by people who work closely with him. During meetings, he listens to everyone very attentively and shows utter respect for everyone's opinions. His immediate subordinates often marvel at Clinton's ability to connect with everyone through his modest and humble attitude. During Q and A sessions, he would answer every question with a humble voice rather than an authoritative one. An important aspect of his humility is his proactivity. Unlike other leaders, Bill does not blame people. He takes charge of the project and starts working on it himself. Aloof from hierarchy and discrimination amongst job descriptions and posts, he bends down to offer his help and advice at all stages of any project (Kellerman, 67). Pragmatism is another significant quality that a leader must possess. People who 'play by the book' are the ones who are better off as managers. Those who make it to the top are the ones who are always prepared to make last-minute changes. These people are not rigid; the only thing constant about their work is their vision and values. These great leaders also make many mistakes; they are far from being perfect. However, what makes them the best is their ability to accept responsibility when they go wrong or when things are not working the way they wanted them to, and then fix them. Bill Clinton's presidency is a brilliant example of this rule. He
Monday, July 22, 2019
Feasibility study- Crescent Cove Recreational Resort Essay Example for Free
Feasibility study- Crescent Cove Recreational Resort Essay CCRR is the first accommodation establishment in Malingay Cove, the hidden bay of Maira-Ira Point. It is famous for its crystal blue water and fine white sand. It is set by the Nacatnagan at the East and Dos Hermanos Island in the North, all of which are found in Pagudpud, Ilocos Norte. Its perimeter is hemmed by the thick forest hill, which is perfect for outdoor activities such as trekking or mountain climbing. The first phase includes 24 guest rooms, coffee shop, videoke bar, function room, lobby with a fireplace, reception area, front desk, storage area, laundry room, veranda, a men's and women's bathroom, kitchen, indoor swimming pool, mechanical room, renting booth, a fully equipped spa, sauna room and Jacuzzi room. The property also features amenities inside the perimeter of the resort such as a playground, backdoor garden, basketball and badminton court, and bayside cottages. And to give our guests/clients the ultimate recreational experience: of CCRR's expansive 8000 sq. meters, approximately 5000 sq. meters are wooded and undeveloped (almost part of it is in the forest hill), which is best for outdoor activities. We are also proud to showcase stations for Bungee Jumping, Wall Climbing, Hanging Bridge, Zipline, camping site, camouflage training site and Cable Car. And for those who lean towards a more holistic work-out, we have the solution to that as well. Spend time at our Meditation Sanctuary to re-connect with your inner self or your Higher Being. CCRR is an accommodation establishment which gives the best definition of "fusion of recreation and resort". CCRR specializes in service for guests/clients who consider themselves recreation enthusiasts or people engaged in Christian-type retreats.
Corporate Vision
CRESCENT COVE RECREATIONAL RESORT WILL BE THE BEST RECREATIONAL RESORT DESTINATION IN THE country
Corporate Mission
• To promote wellness (wholeness), leisure and tourism at the same time.
• To set the benchmark for service excellence
• To put the environment we work in
• To truly satisfy our guests with what we have
Corporate Goals
• Introduce current trends/technologies in promoting our business
• Establish more recreational amenities and facilities
• Obtain financing for building and sustaining a long-term program that will conserve the natural beauty and richness of the island
• Develop a successful internet site while maintaining strong relationships with retailers.
COMPETITIVE ADVANTAGE
Located in a "virgin" bay of Maira-Ira Point. The area has several recreational and retreat-style areas, various retail outlets, numerous food stalls alongside and specialty shops, and the beauty and serenity of the Maira-Ira bay, which has made the place considered the "Boracay of Luzon". CCRR's pricing philosophy is for guests to truly perceive the value of the price that they are paying and to go beyond their expectations. Consider the moment of truth in some simple resorts, where a client/guest is accommodated just to have a beach experience and after that they depart. The sad truth is that some resorts seem not to catch the soft spot of their guests in terms of services, facilities, activities and unjustified prices. CCRR is trying to open the eyes of tourists/travelers, potential guests/clients and of course our countrymen to the fact that a resort is not just a place to have leisure but also a place to recreate and improve wellness.
INDUSTRY KEY TO SUCCESS
• A property designed for guests and people who love adventure
• Availability of the latest technology and implementation of current trends
• Regular and on-going guest feedback
• Provision of recreational activities requirements.
• Unique, safe, comfortable environment
• Dedicated management, associate and support staff
ROOM CLASSIFICATION ACCORDING TO PRICE, LAYOUT, FACILITIES AND AMENITIES
PACKAGE OF 3 BUFFET MEALS (GOOD FOR MINIMUM NUMBER OF ACCOMMODATE)
• Economy (14 available). Type of bed: Single Bed (36 x 75 inches). Number accommodated: minimum of 1, maximum of 2. Bed amenities: closet with 2 hangers, 2 pillows, radio, nite table. Bathroom amenities: 2 bathroom towels, 2 hand towels, 2 face towels, shower (cold). Luxury amenities: airconditioner, CD player. Room rate: 1. PHP 2800; 2. PHP 2300.
• Standard (7 available). Type of bed: Double Bed (54 x 75 inches). Number accommodated: minimum of 2, maximum of 3. Bed amenities: closet with 3 hangers, 3 pillows, radio, nite table, TV set. Bathroom amenities: 3 bathroom towels, 3 hand towels, 3 face towels, shower (hot and cold water, 24 hrs), bath mat, toilet tissue. Luxury amenities: airconditioner, DVD player. Room rate: 1. PHP 3300; 2. PHP 2600.
• De Luxe (3 available). Type of bed: Queen Bed (60 x 80 inches) + roll-away bed. Number accommodated: minimum of 3, maximum of 4. Bed amenities: closet with 5 hangers, wall lamp, nite table, coffee table, 4 pillows, cable TV set, bed cover. Bathroom amenities: amenity basket, shower (hot and cold, 24 hrs), shower curtain, sanitary bag, toilet tissue, bath mat, bath robe, 4 bathroom towels, 4 hand towels, 4 face towels. Luxury amenities: airconditioner, DVD player, kitchenette, sofa set. Special service: free use of Jacuzzi and Sauna. Room rate: 1. PHP 4000; 2. PHP 3500.
Notes: Peak Season (March-June); Off-Season (all other months)
Legend (in Room Rates): 1 - WHEN PEAK SEASON; 2 - OFF-SEASON
RENTS (SWIMMING BEACH EQUIPMENTS AND GADGETS)
Gadget/Equipment; time allocated (per person)/tries; price:
• Jetski: once / 30 mins; Php 500
• Jet Kayak: once / 30 mins; Php 500
• Jet Board / Powerski: once / 30 mins; Php 500
• Surf Board: 1 hour; Php 300
• Fly Board / Water Jet Pack: once / 30 mins; Php 800
• Scuba Gears (package): 1 hour; Php 450
• Hobie Cat sailing boat: 30 mins; Php 300
• Windsurfing board: 30 mins; Php 300
RENTS (FOR RECREATIONAL ACTIVITIES)
Activity/Gadget:
• Cable Car: once; Php
• Zipline: once; Php
• Wall Climbing: for the whole day; Php
• Bungee Jumping: twice; Php
• 2 Shuttlecock + Racket: 2 hours; Php
• Basketball: 1 hour; Php
NOTES: WITH THE PROVISION OF RECREATION COORDINATOR
RENT (OTHER SPECIAL SERVICES)
• Sauna: 1 hour; Php 250
• Jacuzzi: 30 mins; Php 250
• Spa: 1 hour treatment body massage; Php 300
• Banana Boat Ride (per person) (8 pax): 30 mins; Php 100
• Bayside Cottages: 1 day; Php 600
• Tent: 1 day; Php 350
FREE ACCESSIBILITY/SERVICE
• Aerobic Dance with instructor (every 6am til 8am in the morning)
• Hanging bridge accessibility
• Playground
• Backdoor garden
• Indoor swimming pool
• Camouflage training site
• Meditation Sanctuary
TARGET MARKET - CONSUMERS
• People engaged in Christian retreat-style activities
• Lower-to-upper income bracket
• Recreational enthusiasts
• Adventurers
• New visitors travelling to the area
GAINING ACCESS TO THE TARGET MARKET
• Accreditation to Department of Tourism
• Distribution of flyers, brochures etc.
• Conducting a Sales Blitz
• Establishing a network to Tour Travel agencies
• Organizers of cultural events
• Organizers of religious events
• Mass media exposure
• Other prospects
MARKETING STRATEGIES
POSITIONING PRODUCT STRATEGY
For its guests, CCRR is positioned as a beautiful, virgin-landscaped, nature-filled resort with a unique atmosphere, numerous choices of recreational activities, and local food and beverage stalls alongside the AREA, NATURAL ATTRACTION IS AVAILABLE TO THE NEEDS OF A PARTICULAR GUEST.
DISTRIBUTION STRATEGY
Unlike products that are produced, then distributed, and sold, hotel and resort services are produced and consumed simultaneously in a real-time environment. Thus, distribution issues center on making the services available in a convenient manner to the greatest number of potential guests. Crescent Cove Recreational Resort will maintain a front office staff member throughout the night so guests are able to get answers to any question or service when they need it.
This flexibility is especially attractive to the business traveler. Clients will be able to contact Crescent Cove Recreational Resort by telephone, fax, e-mail and walk-in.
Pricing Strategy
Per-night room fees have been developed. The fee schedule takes into account seasonal rates that are common in the area.
Resort; room classification offered; amenities available in room; number accommodated; room rates (per night):
CCRR
• Economy: Single Bed, CD Player, Radio; minimum of 1, maximum of 2; I. Php 2800, II. Php 2300
• Standard: Double Bed, DVD Player, TV Set; minimum of 2, maximum of 3; I. Php 3300, II. Php 2600
• De Luxe: Queen Bed, DVD Player, Cable TV Set, Kitchenette, Sofa Set; minimum of 3, maximum of 4; I. Php 4000, II. Php 3500
Punta Azul (Queen Bed, hot-and-cold showers, bathtub, and complimentary toiletries; maximum of 3 guests)
• Regular: Php3,200, PHP2,500
• De Luxe: Php3,500, Php2,800
Agua Seda (Cable TV)
• Standard: 2, MAXIMUM OF 4 PERSONS; I. Php 2500, II. Php 1800
• De Luxe: 4 persons; I. Php 4500, II. Php 3500
• Family: 8 persons; I. Php 5000, II. Php 4000
Others: Homestay
The Comparison Matrix Diagram shows the competitiveness of CCRR over its competitors; the competitors listed above detailed all their amenities, while CCRR detailed the least of theirs.
Mutual Amenities:
• Wifi connection
• Private Toilet/Bathroom
• Airconditioned Room
NOTES: Peak Season (March-June); Off-Season (all other months)
Legend (in Room Rates): I - PEAK SEASON; II - OFF-SEASON
Service and Support Philosophy
By giving careful consideration to customer responsiveness, Crescent Cove Recreational Resort's goal will be to meet and exceed every service expectation of its recreational and resort services. Our guests can expect quality service and a total quality management (TQM) philosophy throughout all levels of the staff.
Promotion Strategy
Promotion strategies will vary depending on the target market segments.
Given the importance of word-of-mouth referrals among all market segments when choosing a getaway resort or small business location, our efforts are designed to create awareness and build referrals. A cost-effective campaign (focused on direct marketing, publicity, our frequent guest reward program, and advertising) is being proposed.
Frequent Guest Reward
This is one of our marketing promotional strategies, where if a prospect (former guest, taxi driver etc.) can refer a potential guest, they can get a 10% discount on our Economy room service.
SWOT Analysis
Contingency measures to overcome possible threats
• Frequent Guest Award, or looking for a mass mediator such as a blogger to write things about our resort, and the rest of our ways to gain our target market.
Hospitality Entrepreneurship and Business Planning Miguel D. Del Rosario BSHM 3-1 Ms. Rosan Pizarro Professor-in-Charge.
Sunday, July 21, 2019
Network System for Secure Communication
Network System for Secure Communication
Methodology: The main methodology behind this research project is to establish the importance of such technology from professionals and well-referenced articles. Some general interviews will be added to the project, with details showing the interviewees' interest in the current technology and the change they see in communicating with the new technology. The components of IP Security that contribute to this level of secure communication are as follows. The IP Security (IPSec) Driver is used to monitor, filter, and secure the traffic throughout the system. The Internet Security Association and Key Management Protocol (ISAKMP/Oakley) performs key exchange and management functions that oversee security issues between hosts, and provides keys which can be used with security algorithms. The IP Security Policy and the Security Associations derived from those policies define the security environment in which two hosts can communicate. The function of the Security Association API is to provide the interface between the IPSec driver, the Policy Agent and the ISAKMP. The function of the management tools is to create policies, monitor IP Security statistics, and log IP Security events. The main methodologies under consideration for this project are classical encryption technologies, IPSec tunnels, IPSec VPNs, Internet Key Exchange methods, block cipher data encryption, advanced encryption, symmetric ciphers, public/private key functions, digital signatures etc., which have suggested to me how to design a better system.
Implementation: The main reason behind selecting IPSec is that it provides security to the IP layer, which forms the basis for all the other TCP/IP protocols.
This is generally composed of two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
IPSec Implementation Methods: IPSec comprises several implementation architectures, which are defined in RFC 2401. The IPSec implementation also depends on various factors, including the version of IP used (v4 versus v6), the basic requirements of the application and other factors.
End Host Implementation: Implementing IPSec in all host devices provides the most flexibility and security. It enables "end-to-end" security between any two devices on the network.
Router Implementation: Router implementation, however, is a much simpler task, since we only make changes to a few routers instead of hundreds or thousands of clients. It only provides protection between pairs of routers that implement IPSec, but this may be sufficient for certain applications such as virtual private networks (VPNs).
The idea will be implemented after proper testing of the various available methodologies. The current strategy for implementation is as follows. We use certain open source software which provides encryption and decryption methods and authentication. In the actual system, the user is asked to enter details of the files to be sent and also some other details about the password and the public keys, if included. The required software is used in a way which helps to run a smooth process and secure operation.
CONTENTS
Acknowledgement
I owe many thanks to the people who helped and supported me in doing my dissertation. Firstly, I would like to express my immense gratitude to my respected professor Mr. Dr. XXX, YYYY University, London for his support and motivation, which has helped me to come up with this project. He supported me when it was needed and advised me in understanding the various methodologies in my project. He also took care of my project with attention to achieving my goal.
I thank my Institution and faculty members for giving me an opportunity to do my dissertation, and also for the library and computer lab facilities for doing my dissertation to achieve practical results which can resolve my project-related issues. I also extend my heartfelt thanks to my family and friends. I owe my special thanks to my Dad and his colleagues, who gave me suggestions on doing my Dissertation.
Abstract
In the present system, the network helps a particular organization to share data by using external devices. The external devices are used to carry the data. The existing system cannot provide security, which allows an unauthorized user to access the secret files. It also cannot share a single costly printer. Many interrupts may occur within the system. Though it is advantageous, it has numerous disadvantages: somebody can write a program and make the costly printer misprint the data. Similarly, some unauthorized user may get access over the network and perform illegal functions like deleting some of the sensitive information. Security is the term that comes into the picture when some important or sensitive information must be protected from unauthorized access. Hence there must be some way to protect the data from such users, so that even if someone obtains the information, he should not be able to understand what the actual information in the file is, which is the main intention of the project. The project is designed to protect sensitive information while it is in transit in the network. There are many chances that an unauthorized person can gain access over the network in some way and can access this sensitive information. My main topic focuses on IPSec (Internet Protocol Security), an extension to the IP protocol specified by the IETF which provides security to the IP and the upper-layer protocols, and on cryptography in a network sharing system. It was first developed for the new IPv6 standard and then "back ported" to IPv4.
The IPSec architecture is described in the IPSec uses two different protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload), to ensure the authentication, integrity and confidentiality of the communication. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. [2] Cryptography is the technique used to secure the data while it is in transit. Encryption and decryption are the two techniques used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. The main idea behind the design is to provide secured communication between networks, showing network-level performance practically by differentiating between different operating systems, which can ensure security and authenticity by considering, analyzing and testing the best available methodologies.
1. Introduction: Businesses today are focused on the importance of securing customer and business data. Increasing regulatory requirements are driving the need for security of data. Many methods have evolved over the years to address the need for security. Many of the methods are focused on the higher layers of the OSI protocol stack, thus compensating for IP's lack of security. These solutions can be implemented in certain situations, but they cannot be generalized because they are specific to particular applications. For example, Secure Sockets Layer (SSL) can be used for certain applications like World Wide Web access or FTP, but there are many other applications which cannot be secured with this type of security. A solution that allows security at the IP level was necessary, so that all higher-layer protocols in TCP/IP could take advantage of it.
When the decision was made to develop a new version of IP (IPv6), this was the golden opportunity to resolve not just the addressing problems in the older IPv4, but its lack of security as well. A new security technology was developed with IPv6 in mind, but since IPv6 has taken a long time to develop, the solution was designed to be usable for both IPv4 and IPv6. The technology which brings secure communications to the Internet Protocol is known as IP Security, commonly abbreviated as IPSec.

IPSec services allow users to build secure tunnels through untrusted networks. All the data that passes through the untrusted net is encrypted by the IPSec gateway machine and decrypted by the gateway at the other end. The result is a Virtual Private Network, or VPN. This network is effectively private even though it includes machines at several different sites which are connected by the insecure Internet.

Cryptography is used to secure data while it is in transit. Encryption and decryption are the two techniques used under cryptography. Data cryptography is the art of securing the resource that is shared among the applications. Encryption and decryption are two powerful security technologies that are widely implemented to protect data from loss and deliberate compromise.

In this project the networking allows the company to share files or data without using external devices. Some unauthorized users may get access over the network and perform illegal functions, such as deleting files while a transaction is still in progress; encryption and decryption techniques are implemented to secure the data against this.
Many other attacks in cryptography are considered, which led me to research different types of IPSec implementation methodologies in order to design the best model, one that is suitable for the present trend of networking systems and also forms a platform to enable communication with the outside world. To implement IPSec, certain modifications are required to the system's communications routines, and certain new system processes conduct secret key negotiations.

What is IPSec?

IPSec is an extension to the IP protocol which provides high-level security to IP and to the upper-layer protocols. It was initially developed for the new IPv6 standard and was then back ported to IPv4. IPSec provides the following security services: data origin authentication, connectionless integrity, replay protection, data confidentiality, limited traffic flow confidentiality, and key negotiation and management. It has been made mandatory by the IETF for the use of IPSec wherever feasible; the standards documents are close to completion, and there are numerous implementations.

Overview of IPSec Architecture:

The IPSec suite is defined as a framework of open standards. The following protocols are used by IPSec to perform various functions. [2][3] IPSec provides three main facilities, which are explained below:

Internet Key Exchange (IKE and IKEv2): This is used to set up a security association (SA) by handling the negotiation of protocols and algorithms and generating the encryption and authentication keys used by IPSec. [4][5]

Authentication Header (AH): This is used to provide connectionless integrity and data origin authentication for IP datagrams, and also provides protection against replay attacks. [6][7]

Encapsulating Security Payload (ESP): This is used to provide confidentiality, data origin authentication, connectionless integrity, anti-replay service, and limited traffic flow confidentiality.
[9]

Both authentication and encryption are generally desired in this mechanism, in order to:

Assure that unauthorized users do not penetrate the virtual private network.
Assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network.

Since both of the above features are generally desirable, most implementations are likely to use ESP rather than AH.

Security Association:

The Security Association (SA) mechanism is used for authentication (AH) and confidentiality (ESP). An SA is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. Security services are afforded to an SA for the use of AH or ESP, but not both. An SA is identified by three parameters:

Security Parameter Index (SPI)
IP destination address
Security protocol identifier

Overview of IPSec Services and Functions:

IPSec is not a single protocol, but rather a set of services and protocols which together provide a complete security solution for an IP network. These services and protocols are combined to provide various types of protection. Since IPSec works at the IP layer, it provides protection for any higher-layer TCP/IP application or protocol without the use of additional security methods, which is considered a major strength of its implementation. General types of protection services offered by IPSec include:

Encryption of user data to achieve privacy.
Authentication and message integrity, to ensure that data is not changed en route.
Protection against certain types of security attacks, such as replay attacks.
The ability of devices to negotiate the security algorithms and keys required to meet their security needs.
Two security modes, called tunnel and transport, to meet the various network needs.

Features and Benefits:

IPSec is transparent to end users.
Users need not be trained on the security mechanisms.
IPSec assures security measures for individuals.
There is no requirement to change the software on a user or a server system.
Strong security measures are applied to the entire traffic crossing the perimeter.

2. Objective:

IPSec is mostly designed to encrypt the data between two systems without any spoofing attacks. It is a key force of defence against internal and external attacks. However, other than these, there are many other security strategies which have prevented security attacks. The main idea in my research is to provide a better approach to the implementation of IP Security by analyzing the present methodologies. In the implementation of this design, I am also considering different operating systems to provide a better approach towards security which can prove to be good in ideal ways. The design of such an approach is helpful in restricting any unauthorised access to the network and also helps in providing secure and authenticated access.

The main idea behind the design is to provide secured communication between networks, independent of the operating system, which can ensure security and authenticity by considering, analyzing and testing any two of the best available methodologies.

In my overview of the RFCs available on the Internet, such as those on cryptography, the receiver end of a particular communication channel is not aware of the sender unless the sender transmits some information with private and public keys and cipher text which can prove his authenticity. Now the receiver sends the same package with his signature, and then the receiver is also authenticated mutually. Attacks may occur in different ways. There are also many ways in which such communications can be detected, using techniques like eavesdropping, sniffing or a man-in-the-middle attack. These are the three major problems for secure communications. In my research, I will attempt to design a procedure which can be easily followed in order to overcome such problems.
There are many techniques available now which are better than normal communication. The major problem with such techniques is the man-in-the-middle attack. There have been many advances that try to rectify the problems, but there has always been a flaw in the design. My research is to design a system using the current technologies used to encrypt and authenticate. These techniques play a major role in the implementation of IP Security. The major interest would be in areas like encryption, decryption and authentication. Additions will be made to this research as it is implemented. The goal is to research existing systems and to suggest a system which is even harder to break. It is not 100% immune to attacks, but an attack may take longer to break the system than at the present rate. This system will also be very safe and easy to use in daily life, rather than something with a dozen processing steps to be followed.

2.2 SCOPE

With the rapid development of multimedia data management technologies over the internet, there is a need to be concerned about the security and privacy of information. In multimedia documents, dissemination and sharing of data is becoming a common practice for internet-based applications and enterprises. As the internet is an open resource available to all users, security forms the critical issue. Hence the transfer of information over the internet forms the critical issue. At present, cryptographic techniques are used for providing 'SECURITY'.

2.3 PROJECT PERSPECTIVE

The project "Network system for Secure Communication" is enhanced with features that enable us to feel the real-time environment. Today's world mostly employs the latest networking techniques instead of stand-alone PCs. IPSec tunnelling, or encryption (information scrambling technology), is an important security tool.
Properly applied, it can provide a secure communication channel even when the underlying system and network infrastructure is not secure. This is particularly important when data passes through shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data, and especially passwords, should be encrypted in order to protect it from unintended disclosure or modification.

2.4 PROPOSED SYSTEM

In this system 'security' is the term that comes into the picture when some important or sensitive information must be protected from unauthorized access. Hence there must be some way to protect the data from them, even if he hacks the information. The proposed system provides 'security' and does not allow unauthorized users to access the secret files. As per the ISO standards, the security parameters are:

Confidentiality
Authentication
Integrity
Key distribution
Access control

CONFIDENTIALITY: Confidentiality is the protection of transmitted data from passive attacks. It protects the data from unauthorized disclosure.

AUTHENTICATION: A process used to verify the integrity of the transmitted data, especially a message. It is the process of proving one's identity to someone else.

INTEGRITY: The sender and the receiver want to ensure that the content of their communication is not altered during transmission.

KEY DISTRIBUTION: Key distribution refers to the means of delivering a key to the communicating parties without allowing others to see the key.

ACCESS CONTROL: It is the ability to limit and control access to host systems and applications via communication links.

3. Literature Review

This project emphasises the design and evaluation of a computer-based system using appropriate processes and tools.
Most industry routers implement their functionality in hardware, and we therefore believe that hardware-based routers are more efficient than software-based router implementations; however, most of the work in the research community is performed using software-based routers built from off-the-shelf PCs. Various works have attempted to evaluate different protocol stacks; however, none of them uses hardware-based routers or has such a wide range of metrics, and none investigated mechanisms.

My research methodology emphasises surveys, forums from the internet and articles from the IEEE (Institute of Electrical and Electronics Engineers), a quantitative approach in advanced technology. I also consider various other theses and books which are best suited to my project. The following are network-related definitions; a few protocols from the application, network and internet layers are also discussed, to give a clear understanding of the concepts.

3.1 IPSec Standards:

IPSec is actually a collection of techniques and protocols; it is not defined in a single Internet standard. Instead, a collection of RFCs defines the architecture, services and specific protocols used in IPSec. Some of the most important of these are shown below:

[RFC 2401] Security Architecture for the Internet Protocol (IPSec overview): The main IPSec document; it describes the architecture and general operation of the technology, showing how the different components fit together.

[RFC 2402] IP Authentication Header: Defines the IPSec Authentication Header (AH) protocol used for ensuring data integrity and origin verification.

[RFC 2403] The Use of HMAC-MD5-96 within ESP and AH: Describes a particular encryption algorithm for use by AH and ESP called Message Digest 5 (MD5), HMAC variant.
[RFC 2404] The Use of HMAC-SHA-1-96 within ESP and AH: Describes a particular encryption algorithm for use by AH and ESP called Secure Hash Algorithm 1 (SHA-1), HMAC variant.

[RFC 2406] IP Encapsulating Security Payload (ESP): Describes the IPSec Encapsulating Security Payload (ESP) protocol that provides data encryption for confidentiality.

[RFC 2408] Internet Security Association and Key Management Protocol (ISAKMP): Defines methods for exchanging keys and negotiating security associations.

[RFC 2409] The Internet Key Exchange (IKE): Describes the Internet Key Exchange (IKE) protocol used to negotiate security associations and exchange keys between devices for secure communications. It is based on ISAKMP and OAKLEY.

[RFC 2412] The OAKLEY Key Determination Protocol: Describes a generic protocol for key exchange.

[RFC 2131] Dynamic Host Configuration Protocol (DHCP): DHCP allows a host to obtain an IP address automatically, as well as to learn additional information such as its subnet mask, the address of its first-hop router, and the address of its local DNS server.

[RFC 2131; RFC 3022] Network Address Translation (NAT): In an attempt to provide transparent routing to hosts, NAT devices are used to connect an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses.

Domain Name System (DNS): It is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment, for the purpose of locating and addressing these devices worldwide. For example, www.example.com translates to 208.77.188.166.
Windows Internet Name Service (WINS): It is Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Effectively, WINS is to NetBIOS names what DNS is to domain names: a central mapping of host names to network addresses. Like DNS, it is broken into two parts: a Server Service (which manages the encoded Jet Database, server-to-server replication, service requests, and conflicts) and a TCP/IP Client component, which manages the client's registration and renewal of names and takes care of queries.

VPN (Virtual Private Network): It is a virtual computer network that exists over the top of an existing network. The purpose of a VPN is to allow communications between systems connected to the VPN using an existing shared network infrastructure as the transport, without the VPN network being aware of the existence of the underlying network backbone and without the VPN interfering with other network traffic on the backbone. A VPN between two networks is often referred to as a VPN Tunnel. Most VPN technologies can be separated into two broad categories, Secure VPNs and Trusted VPNs.

Internet Protocol version 6 (IPv6): It is the next-generation Internet Protocol version, designated as the successor to IPv4. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of the Internet Protocol was the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460. IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. This expansion provides flexibility in allocating addresses and routing traffic, and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.
Due to its security and flexibility, the entire Internet is expected to be deployed on IPv6 in 2012.

Tunnelling: In computer networks, a tunnelling protocol (the delivery protocol) encapsulates a different payload protocol; that is, it carries a payload over an incompatible delivery network. It can also provide a secure path through an untrusted network without any data loss.

Transport Layer Security (TLS): Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer, end-to-end.

Encryption: In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text). In many contexts, the word encryption also implicitly refers to the reverse process, decryption.

Internet Key Exchange: Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key are used to mutually authenticate the communicating parties.

4. IPSec System Architecture

Authentication Header and Encapsulating Security Payload are commonly called "protocols", though this is another case where the validity of this term is debatable. They are not really distinct protocols but are implemented as headers that are inserted into IP datagrams, as we will see. They thus do the "grunt work" of IPSec, and can be used together to provide both authentication and privacy.
IPSec protocols:

The IPSec protocol family consists of two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). Both are independent IP protocols: AH is IP protocol 51 and ESP is IP protocol 50.

Authentication Header:

AH is a member of the IPSec protocol suite. It provides connectionless data integrity and data origin authentication of IP packets. Further, it can also provide protection against replay attacks by using the sliding window technique and discarding old packets. AH also protects the IP payload and all the header fields of an IP datagram. AH operates directly on top of IP, using IP protocol number 51. An AH packet diagram is shown below which describes how an AH packet can be constructed and interpreted:

Field meanings:

Next header: An 8-bit field that identifies the type of the next payload after the Authentication Header. The value of this field is chosen from the set of defined IP Protocol Numbers.
RESERVED: Reserved for future use.
Payload length: Defines the size of the Authentication Header packet.
Sequence number: A monotonically increasing number which is used to prevent certain replay attacks.
Security parameters index (SPI): Identifies the security parameters which, in combination with the IP address, identify the security association implemented with this packet.
Authentication data: Contains the integrity check value (ICV) necessary to authenticate the packet. This field may also contain padding.

Encapsulating Security Payload:

Encapsulating Security Payload (ESP) is a member of the IPSec protocol suite. Through ESP, IPSec achieves integrity, origin authenticity, and confidentiality protection of packets.
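The AH fields, the sliding-window replay check and the three-parameter SA lookup described above can be seen working together in the following receiver sketch. It is an added example, not code from the dissertation; the names (SA, ReplayWindow, build_ah, receive), the key and the addresses are constructed for illustration, the field order on the wire follows RFC 2402, and the ICV is simplified to cover only the AH header and payload, whereas real AH also covers the immutable IP header fields.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

AH_PROTO = 51   # IP protocol number for AH
ICV_LEN = 12    # HMAC-SHA-1-96 (RFC 2404): digest truncated to 96 bits
AH_FIXED = 12   # next header, payload length, reserved, SPI, sequence number

ACCEPT, NO_SA, MALFORMED, REPLAY, BAD_ICV = (
    "accept", "drop: no SA", "drop: malformed", "drop: replay", "drop: bad ICV")


class ReplayWindow:
    """Sliding-window anti-replay check over AH sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set means (top - i) was already accepted

    def is_fresh(self, seq):
        if seq == 0:                     # senders start counting at 1
            return False
        if seq > self.top:               # to the right of the window: new
            return True
        offset = self.top - seq
        if offset >= self.size:          # fell off the left edge: too old
            return False
        return not (self.bitmap >> offset) & 1

    def mark(self, seq):
        if seq > self.top:               # slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


@dataclass
class SA:
    """One inbound security association: its key and its replay state."""
    key: bytes
    window: ReplayWindow = field(default_factory=ReplayWindow)


def _icv(key, header, payload):
    # Simplified ICV: HMAC over the AH header with the ICV field zeroed, plus payload.
    return hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key, spi, seq, next_header, payload):
    """Sender side: AH header followed by the payload it protects."""
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return header + _icv(key, header, payload) + payload


def receive(sad, dst_ip, packet):
    """Receiver side: parse, look up the SA, check replay, verify ICV, then slide."""
    if len(packet) < AH_FIXED:
        return MALFORMED
    _next, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED])
    ah_len = (payload_len + 2) * 4
    if ah_len != AH_FIXED + ICV_LEN or len(packet) < ah_len:
        return MALFORMED
    sa = sad.get((spi, dst_ip, AH_PROTO))   # SA identified by the three parameters
    if sa is None:
        return NO_SA
    if not sa.window.is_fresh(seq):         # cheap check before any cryptography
        return REPLAY
    expected = _icv(sa.key, packet[:AH_FIXED], packet[ah_len:])
    if not hmac.compare_digest(packet[AH_FIXED:ah_len], expected):
        return BAD_ICV
    sa.window.mark(seq)                     # only authenticated packets move the window
    return ACCEPT


if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample values
    sad = {(0x1001, "192.0.2.10", AH_PROTO): SA(key)}
    pkt = build_ah(key, 0x1001, 1, 6, b"hello")
    print(receive(sad, "192.0.2.10", pkt))  # first delivery
    print(receive(sad, "192.0.2.10", pkt))  # same packet captured and re-sent
```

The window is advanced only after the ICV verifies, so a forged packet with a high sequence number cannot push genuine traffic out of the window.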
ESP also supports encryption-only and authentication-only configurations. However, using encryption without authentication is not recommended because it is insecure. Unlike the Authentication Header (AH), ESP does not protect the IP packet header. The packet diagram below shows how an ESP packet is constructed and interpreted:

Field meanings: Security paramete

Network System for Secure Communication

Methodology:

The main methodology behind this research project is to establish the importance of this technology from professionals and well-referenced articles. Some general interviews will be added to the project, with details showing their interest in the current technology and also the change they see in communicating with the new technology. The following components of IP Security contribute to this level of secure communication:

The IP Security (IPSec) Driver is used to monitor, filter, and secure the traffic throughout the system.
The Internet Security Association and Key Management Protocol (ISAKMP/Oakley) performs key exchange and management functions that oversee security issues between hosts, and provides keys which can be used with security algorithms.
The IP Security Policy and the Security Associations are derived from those policies that define the security environment where two hosts can communicate.
The Security Association API provides the interface between the IPSec driver, the Policy Agent and ISAKMP.
The management tools create policies, monitor IP Security statistics, and log IP Security events.
The main methodologies under consideration for this project are classical encryption technologies, IPSec tunnels, IPSec VPNs, Internet Key Exchange methods, block cipher data encryption, advanced encryption, symmetric ciphers, public and private key functions, digital signatures and so on, which have helped me to design a better system.

Implementation:

The main reason behind selecting IPSec is that it is so powerful that it provides security at the IP layer, which forms the basis for all the other TCP/IP protocols. It is generally composed of two protocols:

Authentication Header (AH)
Encapsulating Security Payload (ESP)

IPSec Implementation Methods:

IPSec comprises several implementation architectures, which are defined in RFC 2401. The IPSec implementation also depends on various factors, including the version of IP used (v4 versus v6), the basic requirements of the application, and other factors.

End Host Implementation: Implementing IPSec in all host devices provides the most flexibility and security. It enables "end-to-end" security between any two devices on the network.

Router Implementation: Router implementation is a much simpler task, since we only make changes to a few routers instead of hundreds or thousands of clients. It only provides protection between pairs of routers that implement IPSec, but this may be sufficient for certain applications such as virtual private networks (VPNs).

The idea will be implemented after proper testing of the various available methodologies. The current strategy for implementation is as follows. We use certain open source software which provides encryption and decryption methods and authentication. In the actual system, the user is asked to enter details of the files to be sent, and also some other details about the password and the public keys, if included. The required software is used in a way which helps to run a smooth process and secure operation.
CONTENTS Acknowledgement I owe many thanks to people who helped supported me in doing my dissertation. Firstly, I would like to express my immense gratitude to my respected professor Mr. Dr. XXX, YYYY University, London for his support and motivation that has helped me to come up with this project. He supported me when its needed and suggested me in understanding various methodologies in my project. He also took care of my project with attention to achieve my goal. I thank to my Institution and faculty members for giving me an opportunity to do my dissertation and also for library, computer lab facilities for doing my dissertation to achieve practical results which can resolve my project related issues. I also extend my Heart full thanks to my family friends. I owe my special thanks to my Dad and his colleagues who gave me suggestions on doing my Dissertation. Abstract In the present system the network helps a particular organization to share the data by using external devices. The external devices are used to carry the data. The existing system cannot provide security, which allows an unauthorized user to access the secret files. It also cannot share a single costly printer. Many interrupts may occur within the system. Though it is advantageous we have numerous disadvantageous, somebody writes a program and can make the costly printer to misprint the data. Similarly some unauthorized user may get access over the network and may perform any illegal functions like deleting some of the sensitive information Security is the term that comes into picture when some important or sensitive information must be protected from an unauthorized access. Hence there must be some way to protect the data from them and even if he hacks the information because he should not be able to understand whats the actual information in the file, which is the main intention of the project. The project is designed to protect the sensitive information while it is in transaction in the network. 
There are many chances that an unauthorized person can have an access over the network in some way and can access this sensitive information. My main topic focuses on IPSec (Internet Protocol Security) is an extension to the IP protocol specified by IETF which provides security to the IP and the upper-layer protocols and cryptography in a network sharing system. It was first developed for the new IPv6 standard and then ââ¬Å"back portedâ⬠to IPv4. The IPSec architecture is described in the IPSec uses two different protocols AH (Authentication Header) and ESP (Encapsulating security payload) to ensure the authentication, integrity and confidentiality of the communication. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. [2] Cryptography is the technique used to secure the data while they are in transactions. Encryption and Decryption are two techniques used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. The main idea behind the design is to provide a secured communication between the networks showing network level performance practically by differentiating different operating system which can ensure the security, authenticity by considering, analyzing and testing any best available methodologies. 1. Introduction: Businesses today are focused on the importance of securing customer and business data. Increasing regulatory requirements are driving need for security of data. There have been many methods which have evolved over the years to address the need for security. Many of the methods are focused at the higher layers of the OSI protocol stack, thus compensating the IPs lack in resolving security issues. 
These solutions can be implemented in certain situations, but they cannot be generalized because they are particularly too many applications. For example, Secure Sockets Layer (SSL) can be used for certain applications like World Wide Web access or FTP, but there are many other applications which cannot be resolved with this type of security. A solution is required to allow security at the IP level was very necessary so that all higher-layer protocols in TCP/IP could take advantage of it. When the decision was made to develop a new version of IP (IPv6), this was the golden opportunity to resolve not just the addressing problems in the older IPv4, but also resolve lack of security issues as well. Later a new security technology was developed with IPv6 in mind, but since IPv6 has taken long time to develop, and thus a solution was designed to be usable for both IPv4 and IPv6. The technology which brings a secure communications to the Internet Protocol is known as IP Security, commonly abbreviated as IPSec. IPSec services allow users to build secure tunnels through certain networks. All the data that passes through the entrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result obtained is a Virtual Private Network or VPN. This network is effectively private even though it includes machines at several different sites which are connected by the insecure Internet. Cryptography technique is used to secure the data while they are in transactions. Encryption and Decryption are two techniques which are used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. The Encryption and Decryption are termed as two powerful security technologies that are widely implemented to protect the data from loss and deliberate compromise. In this project the networking allows the company to share files or data without using certain external devices. 
Some unauthorized users may get access over the network and perform some illegal functions in certain cases like deleting files while the transaction is still on at that time encryption and then decryption techniques are implemented to secure the data. Many other attacks in cryptography are considered which lead me to research on different types of IPSec implementation methodologies in order to design the best model such that it may be suitable for the present trend of networking systems also form a platform to enable communication to the outside world. Thus in orders to implement IPSec, certain modifications are required to the systems communications routines and certain new systems processes conduct secret key negotiations. What is IPSec? An extension to the IP protocol is considered as IPSec which provides high level security to the IP and to the upper-layer protocols. This was initially developed for the new IPv6 standard and then was back ported to IPv4. IPSec provides the following security services: data origin authentication, connectionless integrity, replay protection, data confidentiality, limited traffic flow confidentiality, and key negotiation and management. It has been made mandatory by the IETF for the use of IPSec wherever feasible; the standards documents are close to completion, and there are numerous implementations. Overview of IPSec Architecture: The IPSec suite defined as a framework of open standards. The following protocols are used by IPSec to perform various functions. 
[2][3] IPSec provides three main facilities, which are explained below:

Internet Key Exchange (IKE and IKEv2): This is used to set up a security association (SA) by handling the negotiation of protocols and algorithms and by generating the encryption and authentication keys to be used by IPSec. [4][5]

Authentication Header (AH): This is used to provide connectionless integrity and data origin authentication for IP datagrams, and also provides protection against replay attacks. [6][7]

Encapsulating Security Payload (ESP): This is used to provide confidentiality, data origin authentication, connectionless integrity, anti-replay service, and limited traffic flow confidentiality. [9]

Both authentication and encryption are generally desired in this mechanism, in order to assure that unauthorized users do not penetrate the virtual private network and to assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network. Since both of the above features are generally desirable, most implementations are likely to use ESP rather than AH.

Security Association:

The security association mechanism is used for authentication (AH) and confidentiality (ESP). A security association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. Security services are afforded to an SA for the use of AH or ESP, but not both. An SA is identified by three parameters: the Security Parameter Index (SPI), the IP destination address, and the security protocol identifier.

Overview of IPSec Services and Functions:

IPSec is not a single protocol, but rather a set of services and protocols which provide a complete security solution for an IP network. These services and protocols are combined to provide various types of protection.
Since IPSec works at the IP layer, it provides protection for any higher-layer TCP/IP application or protocol without using any additional security methods, which is considered a major strength of its implementation. General types of protection services offered by IPSec include:

Encryption of user data to achieve privacy.
Authentication and message integrity, to ensure that data is not changed en route.
Protection against certain types of security attacks, such as replay attacks.
The ability of devices to negotiate the security algorithms and keys required to meet their security needs.
Two security modes, called tunnel and transport, to meet various network needs.

Features and Benefits:

IPSec is transparent to end users. Users need not be trained on the security mechanisms. IPSec assures security for individual users. There is no requirement to change the software on a user or server system. Strong security measures are applied to all traffic crossing the perimeter.

2. Objective:

IPSec is mostly designed to encrypt the data between two systems without any spoofing attacks. It is a key line of defence against internal and external attacks. However, other than these, there are many other security strategies which have prevented security attacks. The main idea in my research is to provide a better approach to the implementation of IP Security by analyzing the present methodologies. In the implementation of this design, I am also considering different operating systems to provide a better approach towards security which can prove to be good in ideal ways. The design of such an approach is helpful in restricting any unauthorised access to the network and also helps in providing secure and authenticated access.
The main idea behind the design is to provide secured communication between networks, independent of the operating system, which can ensure security and authenticity, by considering, analyzing and testing the two best available methodologies. In my overview of RFCs available on the Internet, such as those on cryptography, the receiver end of a particular communication channel is not aware of the sender unless the sender transmits some information with private and public keys and cipher text which can prove his authenticity. The receiver then sends the same package with his signature, and the receiver is then also authenticated mutually.

Attacks may occur in different ways. There are also many ways in which such communications can be detected, using techniques like eavesdropping, sniffing or a man-in-the-middle attack. These are the three major problems for secure communications. In my research, I will attempt to design a procedure which can be easily followed in order to overcome such problems. There are many techniques available now which are better than normal communication. The major problem in such techniques is the implementation of the man-in-the-middle attack. There have been many advances to try and rectify the problems, but there has always been a flaw in the design.

My research is to design a system using the current technologies used to encrypt and authenticate. These techniques play a major role in the implementation of IP Security. The major interest would be in areas like encryption, decryption and authentication. Additions will be made to this research as it is implemented. The goal is to research existing systems and to suggest a system which is even harder to break. It is not 100% immune to attacks, but an attack may take longer to break the system than at the present rate. This system will also be very safe and easy to use in daily life, rather than something with a dozen processing steps to be followed.
2.2 SCOPE

With the rapid development of multimedia data management technologies over the internet, there is a need to be concerned about the security and privacy of information. In multimedia documents, dissemination and sharing of data is becoming a common practice for internet-based applications and enterprises. As the internet forms an open resource present for all users, security forms the critical issue. Hence the transfer of information over the internet forms the critical issue. In the present situation, cryptographic techniques are used for providing 'SECURITY'.

2.3 PROJECT PERSPECTIVE

The project "Network system for Secure Communication" is totally enhanced with features that enable us to feel the real-time environment. Today's world mostly employs the latest networking techniques instead of using stand-alone PCs. IPSec tunnelling, or encryption (information-scrambling technology), is an important security tool. Properly applied, it can provide a secure communication channel even when the underlying system and network infrastructure is not secure. This is particularly important when data passes through shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data and especially passwords should be encrypted in order to protect them from unintended disclosure or modification.

2.4 PROPOSED SYSTEM

In this system, 'security' is the term that comes into the picture when some important or sensitive information must be protected from unauthorized access. Hence there must be some way to protect the data from unauthorized users, and even if one of them hacks the information, the proposed system provides 'security' and does not allow unauthorized users to access the secret files.
As per the ISO standards, the security parameters are: confidentiality, authentication, integrity, key distribution and access control.

CONFIDENTIALITY: Confidentiality is the protection of transmitted data from passive attacks. It can protect the data from unauthorized disclosure.

AUTHENTICATION: A process used to verify the integrity of the transmitted data, especially a message. It is the process of proving one's identity to someone else.

INTEGRITY: The sender and the receiver want to ensure that the content of their communication is not altered during transmission.

KEY DISTRIBUTION: Key distribution refers to the means of delivering a key to the communicating parties without allowing others to see the key.

ACCESS CONTROL: It is the ability to limit and control access to host systems and applications via communication links.

3. Literature Review

This project emphasizes the design and evaluation of a computer-based system using appropriate processes and tools. Most of the industry-wide routers in the network implement their functionality in hardware, and therefore we believe that hardware-based routers are more efficient than a software-based router implementation; besides that, most of the work in the research community is performed using software-based routers utilizing off-the-shelf PCs. Various works have attempted to evaluate different protocol stacks; however, none of them uses hardware-based routers, none has such a wide range of metrics, and none investigated mechanisms. My research methodology emphasizes surveys, forums from the internet and articles from the IEEE (Institute of Electrical and Electronics Engineers), a quantitative approach in advanced technology. I also consider various other theses and books which are best suited to my project.
The following are network-related definitions; a few protocols from the application, network and internet layers are also discussed, which gives a clear idea of the concepts.

3.1 IPSec Standards:

IPSec is actually a collection of techniques and protocols; it is not defined in a single Internet standard. Instead, a collection of RFCs defines the architecture, services and specific protocols used in IPSec. Some of the most important of these are shown below:

[RFC 2401] Security Architecture for the Internet Protocol (IPSec overview): The main IPSec document describes the architecture and general operation of the technology, showing how the different components fit together.

[RFC 2402] IP Authentication Header: It defines the IPSec Authentication Header (AH) protocol used for ensuring data integrity and origin verification.

[RFC 2403] The Use of HMAC-MD5-96 within ESP and AH: Describes a particular encryption algorithm for use by AH and ESP called Message Digest 5 (MD5), HMAC variant.

[RFC 2404] The Use of HMAC-SHA-1-96 within ESP and AH: Describes a particular encryption algorithm for use by AH and ESP called Secure Hash Algorithm 1 (SHA-1), HMAC variant.

[RFC 2406] IP Encapsulating Security Payload (ESP): It describes the IPSec Encapsulating Security Payload (ESP) protocol that provides data encryption for confidentiality.

[RFC 2408] Internet Security Association and Key Management Protocol (ISAKMP): It defines methods for exchanging keys and negotiating security associations.

[RFC 2409] The Internet Key Exchange (IKE): Describes the Internet Key Exchange (IKE) protocol used to negotiate security associations and exchange keys between devices for secure communications. It is based on ISAKMP and OAKLEY.

[RFC 2412] The OAKLEY Key Determination Protocol: It describes a generic protocol for key exchange.
[RFC 2131] Dynamic Host Configuration Protocol (DHCP): DHCP allows a host to obtain an IP address automatically, as well as to learn additional information such as the subnet mask, the address of its first-hop router, and the address of its local DNS server.

[RFC 2131; RFC 3022] Network Address Translation (NAT): In an attempt to provide transparent routing to hosts, NAT devices are used to connect an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses.

Domain Name System (DNS): It is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various other information with the domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. For example, www.example.com translates to 208.77.188.166.

Windows Internet Name Service (WINS): It is Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Effectively, WINS is to NetBIOS names what DNS is to domain names; in fact it is a central mapping of host names to network addresses. Like DNS, it is broken into two parts: a Server Service (that manages the encoded Jet Database, server-to-server replication, service requests, and conflicts) and a TCP/IP Client component which manages the client's registration and renewal of names, and takes care of queries.

VPN (Virtual Private Network): It is a virtual computer network that exists over the top of an existing network.
The purpose of a VPN is to allow communications between systems connected to the VPN using an existing shared network infrastructure as the transport, without the VPN network being aware of the existence of the underlying network backbone and without the VPN interfering with other network traffic on the backbone. A VPN between two networks is often referred to as a VPN tunnel. Most VPN technologies can be separated into two broad categories, Secure VPNs and Trusted VPNs.

Internet Protocol version 6 (IPv6): It is the next-generation Internet Protocol version, designated as the successor to IPv4. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of the Internet Protocol was the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460. IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion. Due to its security and flexibility, the entire Internet is expected to be deployed on IPv6 in 2012.

Tunnelling: In computer networks, a tunnelling protocol (the delivery protocol) encapsulates a different payload protocol, i.e., it carries a payload over an incompatible delivery network. It can also provide a secure path through an untrusted network without any data loss.

Transport Layer Security (TLS): Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
Encryption: In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text). In many contexts, the word encryption also implicitly refers to the reverse process, decryption.

Internet Key Exchange: Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key, are used to mutually authenticate the communicating parties.

4. IPSec System Architecture

Authentication Header and Encapsulating Security Payload are commonly called "protocols", though this is another case where the validity of this term is debatable. They are not really distinct protocols but are implemented as headers that are inserted into IP datagrams, as we will see. They thus do the "grunt work" of IPSec, and can be used together to provide both authentication and privacy.

IPSec protocols: The IPSec protocol family consists of two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). Both are independent IP protocols. AH is IP protocol 51 and ESP is IP protocol 50.

Authentication Header: This is a member of the IPSec protocol suite. Authentication Header provides connectionless data integrity and data origin authentication of IP packets. Further, it can also provide protection against replay attacks by using the sliding window technique and discarding old packets. Authentication Header also gives protection for the IP payload and all the header fields of an IP datagram. AH generally operates directly on top of IP, using IP protocol number 51.
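The receive-side processing described above (SA lookup by SPI, destination address and protocol, then sliding-window replay rejection), as an added example that is not part of the original essay. The 32-packet window, the simplified ICV that covers only the AH header and payload (real AH also covers the immutable IP header fields), and all names, keys and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51   # IP protocol number of AH
WINDOW = 32     # anti-replay window in packets (assumed size)
ICV_LEN = 12    # HMAC-SHA-1-96 yields a 96-bit ICV


def parse_ah(data):
    """Unpack next header, payload length, reserved, SPI, sequence number and ICV."""
    if len(data) < 12:
        raise ValueError("truncated AH header")
    next_hdr, plen, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (plen + 2) * 4   # payload length is in 32-bit words, minus 2
    if total < 12 or len(data) < total:
        raise ValueError("bad AH payload length")
    return {"next": next_hdr, "spi": spi, "seq": seq, "icv": data[12:total]}


class SA:  # receive-side state of one security association (hypothetical structure)
    def __init__(self, key):
        self.key, self.highest, self.bitmap = key, 0, 0

    def is_fresh(self, seq):
        """True if seq is beyond the window, or inside it and not seen before."""
        if seq > self.highest:
            return True
        offset = self.highest - seq
        return seq > 0 and offset < WINDOW and not self.bitmap & (1 << offset)

    def mark(self, seq):
        """Record seq; slide the window when seq becomes the new highest."""
        if seq > self.highest:
            shifted = (self.bitmap << (seq - self.highest)) | 1
            self.bitmap, self.highest = shifted & ((1 << WINDOW) - 1), seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def icv_for(key, data):
    """Simplified ICV: HMAC-SHA-1-96 over the AH header (ICV zeroed) plus payload."""
    zeroed = data[:12] + bytes(ICV_LEN) + data[12 + ICV_LEN:]
    return hmac.new(key, zeroed, hashlib.sha1).digest()[:ICV_LEN]


def receive(sad, dst, data):
    """Process one inbound AH packet; sad maps (SPI, destination, protocol) to SA."""
    fields = parse_ah(data)
    sa = sad.get((fields["spi"], dst, AH_PROTO))
    if sa is None:
        return "no-sa"
    if not sa.is_fresh(fields["seq"]):
        return "replay"      # duplicate, or older than the window
    if not hmac.compare_digest(fields["icv"], icv_for(sa.key, data)):
        return "bad-icv"     # window untouched, so a forgery cannot advance it
    sa.mark(fields["seq"])
    return "accept"


def build_ah(key, spi, seq, payload, next_hdr=6):
    """Sender side, used only to construct sample packets for this example."""
    hdr = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq)
    return hdr + icv_for(key, hdr + bytes(ICV_LEN) + payload) + payload
```

The window is updated only after the ICV verifies; marking the sequence number first would let an unauthenticated packet with a large sequence number push genuine traffic out of the window.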
An AH packet diagram is shown below which describes how an AH packet can be constructed and interpreted:

Field meanings:

Next header: This is an 8-bit field that identifies the type of the next payload after the Authentication Header. The value of this field is chosen from the set of defined IP Protocol Numbers.

RESERVED: These fields are reserved for future use.

Payload length: This defines the size of the Authentication Header packet.

Sequence number: This field holds a monotonically increasing number which is used to prevent certain replay attacks.

Security parameters index (SPI): This field identifies the security parameters and, in combination with the IP address, the security association implemented with this packet.

Authentication data: This field contains the integrity check value (ICV) which is necessary to authenticate the packet. This field may also contain padding.

Encapsulating Security Payload: ESP, which stands for Encapsulating Security Payload, is a member of the IPSec protocol suite. IPSec achieves integrity, origin authenticity, and confidentiality protection of packets. This protocol also supports encryption-only and authentication-only configurations. However, the use of encryption without authentication is not recommended because it is considered insecure. ESP does not protect the IP packet header like the Authentication Header (AH) does. The packet diagram below shows how an ESP packet is constructed and interpreted:

Field meanings: Security paramete