The Character Crook from Steinbecks Novel Essay - 1222 Words

The extract I have chosen is from the beginning of chapter four and stretches from page 71 to page 73. This extract gives a detailed description of Crooks, his room and his possessions. The extract I have chosen is from the beginning of chapter four and stretches from page 71 to page 73. This extract gives a detailed description of Crooks, his room and his possessions. The entrance of Lennie into Crooks ´ room and the development of their relationship throughout the scene is shown. At the beginning of the extract Lennie is not welcomed into Crooks ´ room, but at the end they begin to befriend each other. I chose this extract because it provides us with excellent examples of descriptions, dialogue, themes, relationships and†¦show more content†¦This is illustrated by the extensive detailing of Crooks ´ crooked spine, his deep black wrinkles and pain-tightened lips. The reader sympathises with Crooks because he is physically inept and suffers silently. Due to years of loneliness, Crooks is a private man and so was very annoyed when Lennie interrupted him whilst applying liniment to his back; this was a private act of a private man. If you guys would want a hand to work for nothing-just his keep, why I ´d come an ´ lend a hand. I ain ´t so crippled I can ´t work like a son-of-a-bitch if I want to, is an example of Crooks ´ loneliness as he proposes to work for George and Lennie if they buy a ranch of their own. He tries to reassure Lennie that he can still work hard despite his disability. He wants to join George and Lennie ´s dream to counteract his loneliness. This is emphasised by the fact that he is willing to work for just a bed and some food and go without wages. They say I stink. Well, I tell you, you all of you stink to me, is a possible reference to Carlson ´s remark about Candy ´s dog. This gives the impression that the general idea within the ranch is that Crooks is inferior to the others. This suggests that Steinbeck thinks that some black people feel the same way about white people as some white people feel about black people. Steinbeck uses Of Mice and Men ´ to portray issues which he feels strongly aboutShow MoreRelatedComparison Between of Mice and Men Novel Movie Essay787 Words   |  4 Pagesthe original version and the more recent film adaptation of John Steinbeck’s majorly successful novel, Of Mice and Men, the apparency of differences between the two is at times subtle while also being very obvious during different portions of the movie. In the film there are several major differences between the movie and the book with three being particularly apparent. We are shown the differences through the portrayals of char acters, Lennie’s sanity and, simply, the scenes themselves. When watchingRead MoreOf Mice And Men Isolation1219 Words   |  5 Pagesexpress themselves to, however, that is a misconception. There are many who suffer from the pain that isolation brings forth. In addition, there are several divisions in society that cause an emptiness in certain individuals. In society, categories such as race, gender, age, and even the lack of intelligence are all reasons behind isolation’s occurrence. The idea of isolation is further explained in John Steinbeck’s 1937 novel, Of Mice and Men, and in â€Å"Alone†, composed by the artist, I Prevail, in 2016Read MoreJohn Steinbeck: An American Writer During the Great Depression1315 Words   |  6 Pages1. Introduction During the 1920s and 1930s, USA was suffering from a terrible economic downturn-the Great Depression. It was also a boom period of literature creation and many well-known writers emerged in that special historical time. Because of the difficult situations, American writers turned their focus to social problems and issues. They were motivated to arouse sympathy for the suffering of common people, especially those at the very bottom of the society. (Wang, 2012) John Steinbeck (1902-1968)Read MoreCurleys Wife Loneliness Analysis859 Words   |  4 Pagesthem at some point in their lives. As we feel lonely, we feel the impact and must react some way to cope with the feeling and feel better with ourselves. As seen in John Steinbeck’s Of Mice and Men, the devastating impact of loneliness on human beings is demonstrated through Curley’s Wife, Crooks, and Candy. Throughout the novel, Curley’s wife is used as a model of loneliness in order to show the impact of loneliness and isolation on the human mind. For example, she shows her desperation for attentionRead MoreOf Mice and Men, by John Steinbeck842 Words   |  4 Pagessecluded while working. Men would go far away from their families in search of any jobs they could get, with only themselves to confide in; colleagues only filling in the void of friends and family partially. Naturally, John Steinbeck’s novel Of Mice and Men, written during this period, would reflect this fact as a major aspect of the story. Loneliness would become the sinew of Of Mice and Men, manifested in some of the story’s main characters: Candy, Crooks, and Curley’s wife. These allusions to lonelinessRead MoreThe American Dream1179 Words   |  5 PagesSet during the gruelling Great Depression of the 1930’s, John Steinbeck’s touching novella Of Mice and Men focuses on the w orking class of America and two men, George Milton and Lennie Small, as they work on a ranch in hopes of owning their own land. Set in the dusty town of Soledad, California, Steinbeck’s classic characters offer a parable about what it means to be human. George and Lennies ambition of owning their own ranch, and the obstacles that stand in the way of that ambition, reveal theRead MoreArchetypes In John Steinbecks Of Mice And Men838 Words   |  4 Pagesinnocent. Archetypes are characteristics of easy or well-known traits from children’s literature, pop culture, or even everyday life, they help the readers connect with the characters quickly and accurately. Lennie’s archetype is innocent because he is always so caring to others. He is also taken advantage of a lot. Lennie is always so positive even when the hardest situations are thrown at him. In John Steinbeck’s Of Mice and Men novel Lennie Smalls archetype is portrayed as innocent because he is soRead M oreHow Does Steinbeck Create the Theme of Insecurity in the Novel?1574 Words   |  7 PagesWrite about: †¢ Why some characters feel insecure †¢ How language contributes to a sense of the characters’ insecurity †¢ How the settings contribute to a sense of insecurity †¢ Other features which create a sense of insecurity You must: †¢ Explore how Steinbeck creates a sense of insecurity through the presentation of insecure characters, eg through: Lennie, Crooks and Curley’s wife †¢ Look at language/settings, eg the situation of Curley’s wife and how she feels about Curley and her life on the ranchRead MoreThe American Dream in John Steinbecks Of Mice and Men Essay1430 Words   |  6 Pagesobstacles and beating all odds to one day be successful. This subject is the predominant theme in John Steinbeck’s novel. This is a novel of defeated hope and the harsh reality of the American dream. Steinbeck’s naturalistic and unrefined style of writing is helpful because of its ability to connect with his readers. The most important dream in this novel is that of the two main characters Lennie and George. They are poor, homeless, migrant workers who although their dream is essentially theRead More Of Mice and Men’ is a novel about people. Are there too many3038 Words   |  13 PagesOf Mice and Men’ is a novel about people. Are there too many cripples, misfits and unusual characters in the novel to consider Steinbeck’s portrayal as true life? Steinbeck’s novel is based on ordinary people during the American Depression. Steinbeck has an understanding of how migrant workers were and how it was as he had his childhood in California near Salinas Valley. During the period in which the novel was wrote was written migrant workers went from ranch to ranch working for money

Deterrence And Its Effect On Society - 845 Words

Deterrence Joni Montoya South University Online Justice. Deterrence starts in childhood. A parent punishes a child for doing something forbidden and the child learns that doing this thing will have bad consequences. When one person or persons attempt to sway the decision of another with the menace of punishment more threatening than the gains, this is deterrence (Coleman, 2002). Deterrence is defined as the punishment of socially undesirable behavior as a means of future prevention (Coleman, 2002). The driving force behind deterrence is the fear of punishment. Deterrence is part of the Classical theory (South University Online, 2014). Classical theory states that criminals have free will and make a deliberate decision to commit a crime. Classical theory has been around since ancient times. Society has always had rules and punishments. The concept behind classical theory is that persons will avoid criminal behavior because of the negative consequences (What, 2014). The role that the family plays is that the family teaches the children how to behave in society and what will happen if they deviate from correct and proper behavior. Deterrence causes an individual to decide whether the gains from the inappropriate behavior outweigh the losses. For example, a bank robber needs to decide whether the gain, thousands of dollars, outweighs the loss, years in prison. Deterrence wins if the robber decides not to rob the bank because for fear ofShow MoreRelatedGeneral Deterrence And Its Effect On Society1503 Words   |  7 PagesIt is estimated that general deterrence aims at making the offender to think twice before violating the law, because the physical and psychological pain that the offender will get through the action do not equate with the benefits of doing that action. Also, the general deterrence means that amount of penalties impose on the offender will stop others and deter them from committing crimes and prevents others form even thinking to commit the crime. That is because the human psyche is always tendingRead MoreJustification And Justification Of The Penal System1171 Words   |  5 PagesRetribution assigns a punishment that is appropriate to the crime, which is ideal in punishing criminals whereas general deterrence works to persuade society to obey the law, and specific deterrence work. From the variety of utilitarian justifications of punishment, retribution is the most convincing as its theoretical goals are sustained through societies, whereas general and specific deterrence cannot be justified on their own, as they do not match with retribution. For retributionists, punishment is backwardRead MoreEssay Deterrence Theory of Crime1021 Words   |  5 PagesDeterrence theory of crime is a method in which punishment is used to dissuade people from committing crimes. There are two types of deterrence: general and specific. General deterrence is punishment to an individual to stop the society as a whole from committing crimes. In other word, it is using the punishment as an example to â€Å"scare† society from precipitating in criminal acts. Under general deterrence, publicity is a major part of deterrence. Crime and their punishments being showing in theRead MoreIs Deterrence Effective And Efficient?1719 Words   |  7 PagesIs Deterrence Effective and Efficient? Joshua A. Barlow Anderson University Abstract I will discuss the nuances of the deterrence theory and whether or not it’s a viable form of preventing crime. The reason we have laws and punishments is to deter people from committing crimes. Deterrence is an inherent concept within criminal law. Many believe that people will commit crimes regardless of deterrence and therefore efforts to deter are in vein. I will delve into Cesare Beccaria’sRead MoreDeterrence And Rational Choice : The Criminal Justice System And Crime Prevention1196 Words   |  5 PagesDeterrence or rational choice, which one is the better, or should I say wiser theory to follow when it comes to the criminal justice system and crime prevention. Using extreme capacitation (Deterrence) can be an effective punishment for many in our society, however, there will still be a small portion of our society that will still commit crimes. The majority of the society would use good-ole common sense (Rational Choice) and not commit crimes in the first place. DISCUSSION: Deterrence and RationalRead MoreCapital Punishment And Its Effect On Society1425 Words   |  6 Pagesreinstated in 1976. Some say that in a free society, capital punishment is an unnecessary form of cruel and unusual punishment in violation of our constitution. Others claim that capital punishment serves the primary purpose of deterring crime and punishing society’s most homicidal offenders. The biggest question when it comes to capital punishment is, is it worth it? Does Capital punishment have a deterrent effect on society? Or does it hurt more than help society? An over whelming majority of researchersRead MoreRelationship Between Police Intervention And Juvenile Delinquency1459 Words   |  6 Pagesdeterring deviance amplification. There are two main theories that initiate America’s juvenile justice system: labeling and deterrence. Essentially, labeling proponents believe that official intervention increases delinquency and, oppositely, deterrence theorists ar gue that it cracks down on deviancy. Wiley et al. (2016:283) want to â€Å"inform this debate by examining the effect of being stopped or arrested on subsequent delinquent behavior and attitudes†. They hypothesize their results to reflect labelingRead MoreCapital Punishment Should Not Be Abolished750 Words   |  3 Pagesmany reasons why the United States of America keeps capital punishment. These reasons include the deterrence theory, the idea of retribution, cost of prisons, and general safety of the public. First of all, I’m sure that you have heard of the deterrence theory. Deterrence is basically the fear of punishment; and even though it doesn’t prevent all crimes, the results are still undeniable. The deterrence theory is when criminals think about the consequences of each crime, they weigh the pros and consRead MoreThe Criminal Justice System And Crime Prevention970 Words   |  4 PagesINTRODUCTION: Deterrence or rational choice, which one is the better, or should I say wiser theory to follow when it comes to the criminal justice system and crime prevention. Using extreme capacitation (Deterrence) can be an effective punishment for many in our society, however, there will still be a small portion of our society that will still commit crimes. The majority of the society would use good-ole common sense (Rational Choice) and not commit crimes in the first place. DISCUSSION: Deterrence andRead MoreOutline of the Basic Principles of Sentencing Essay1277 Words   |  6 PagesOutline of the Basic Principles of Sentencing Legal system is one of the most important parts of the Government, which directly affects the society and people in the society; as a result, researchers and criticisers have always inspected it. This essay will outline the basic principles of sentencing in United Kingdom. There are five general aims or functions or justifications of punishment in the UK’s legal system, which are: 1. RETRIBUTION Retribution rests

Network - Security and Design Report

Question: Write a report on the network, security and design. Answer: 6.1.2. The task of requirements analysis is the first step in the design of any system, including software systems. Its aim is to clearly identify, understand and record all aspects of the proposed system, including the stakeholders of the system, which can possibly be addressed before development actually begins, including a number of foreseeable contingencies. This process is generally conducted in three broad steps gathering requirements, analyzing requirements, and documenting requirements. Requirements gathering refers to the process of contacting various stakeholders and undergoing rigorous rounds of questioning and probing to accurately gather all the requirements of the project. First, the stakeholders of a project need to be identified. Once all stakeholders are identified, the requirements need to be coaxed out of them. It is important to note that the stakeholders themselves are not considered fully reliable for accurately detailing their requirements, and thus many techn iques need to be employed to infer the actual requirements while eliminating intentional or unintentional fallacies. Of particular note are those cross-functional requirements that can only be identified when multiple stakeholders are allowed to hold a mediated discussion. The list of requirements thus gathered needs to be further analyzed and refined, eliminating redundancies and focusing on core aspects. The goals of the project need to be used to put these requirements into context. Finally, the requirements are arranged into a presentable document which contains such details as clearly outlined goals, project scope, use cases, and other information representation tools that clearly delineate the requirements of the project in an unambiguous, precise manner. 6.1.3 Recommended key stakeholders: the board members, the Chief Executive Office, the Chief Technology Officer, the Chief Information Security Officer, the Chief Finance Officer, the Customer Support Coordinator, the Database Administrator, the Market Research Analyst, the Network System Administrator, and the Legal Advisor. 6.1.4 Should different levels of privileges provided to control access? Can each user have a personal password? Should the security features cover: System access, Feature access, Database field access, Master file changes, Standing data? Should security allow for read and read/write access to be specified separately? Is there a clear indication in the system or manuals as to how the data is backed-up and recovered? If system failure occurs part way through a batch or transaction, should the operator have to re-input the batch or only the transaction being input at the time of the failure? How should the system handle dates - (e.g. 2 digits, 4 digits)? What levels of encryption can be/are required to be applied when transactions or data are passed across the Internet (e.g. 40 bit, 128 bit)? What is the expected operational life-cycle of the system, and how are future updates, replacements or disposal activities to be carried out? What information will the system store, how is it obtained, and how is it to be disposed? What hardware devices will be involved in the system and where will they be located (on-site, off-site)? What level of security will the various hardware devices have? What network protocols will the system be expected to be compatible with? What is the desired infrastructure of the network (LAN, WLAN, VPN, etc.)? What all types of devices will the users of the network require to be able to connect to the network (on-site workstations, personal mobile devices, etc.)? 6.2 Risks, Vulnerabilities and Controls 6.2.1 Denial-of-Service Attacks: These are one of the most malevolent and widespread type of attacks that any organization must guard against. Denial-of-Service (DoS) attacks are very easy to launch, difficult to guard against, and can become nearly impossible to trace back to the attacker. The basic idea behind a DoS attack is to flood a network with so many requests for resource allocation that the corresponding requests from those users on the network who need to genuinely utilize those resources cannot gain access to the resources. Thus, a number of network resources and services end up becoming inaccessible to their intended users. Unauthorized Access: This is a broad term that refers to a situation where a network user is able to access network resources that the user should not have been able to access on account of any number of reasons. Typically, this takes the form of sensitive company data being accessed by unauthorized third-parties or malicious users. Alternately, core company resources reserved for special purposes or only usable as per specific guidelines can be inappropriately used if an unauthorized user gains access to them. Spoofing: In these attacks, the identity of a user is stolen in that an attacker is able to conduct actions that may be potentially harmful to the system in some way while masquerading as the user whose identity was stolen. Potentially Unwanted Programs: This is a broad classification of a range of programs that do not necessarily pose a risk to security of a system but can instead result in unwanted consequences for the operation of a business. For instance, joke programs that can cause distractive animations to pop-up on a computer screen can impair productivity and cause a significant loss of time and business for a company while the program is being removed. Zombie Agents: A class of malware called trojans can cause infected systems to become zombie agents slave systems which can be remotely instructed to conduct covert attacks on other systems without the knowledge of the system owner. These are often used for conducting widespread Distributed DoS (DDoS) attacks on organizations, can cause the owners of infected systems to become unwitting accomplices in an attack. 6.2.2 There are two classifications for security controls: according to time of action and according to nature of control. The various types of control classified as per the time of action are: Preventive Control: These come in to action before an incident occurs and are put in place to prevent security incidents from occurring. Detective Control: These controls operate during an incident in progress and are used to identify the incident. Corrective Control: These controls are employed after an incident has occurred and are used for damage control. The classification of controls by their nature is as follows: Physical Controls: These are put in place to protect the physical hardware of the system from security breaches, such as secure housing compounds for servers and databases. Procedural Controls: This refers to security protocols, training manuals, standard operating procedures, and so on that relate to the various personnel involved in or associated with a system and aims to reduce chances of security breach or incidents arising out of the actions of these personnel. Technical Controls: Such controls deal with the technical aspects of how the system is designed and implemented, such as communication protocols, encryption algorithms, access control, etc. Compliance Controls: Examples of such controls are privacy laws, company policies, industry standards, etc. which aim to reduce security risks by ensuring that all vulnerable fronts are covered. 6.2.3 Phishing: A malicious attack in which a person receives communication from a seemingly authentic source such as a bank or insurance company, or the IT department of the victims workplace, requesting details that are otherwise considered personal and sensitive, for example passwords. Once the victim provides this information, the attacker misuses the sensitive information to conduct cyber-crimes. Preventing such attacks requires procedural controls such as effective employee training and awareness, as other control types can offer little help in such cases. In order to mitigate damage due to leaked passwords, organizations should implement strict access control policies to limit the amount of access a compromised user account has. Spyware: Spyware is malware that covertly installs itself on a computer system and monitors activity on the system or network, sending back such data to a malicious attacker or command server where it is analyzed and sensitive/important information is extracted. This information can later be used to conduct various types of cyber-attacks. Spyware installation can be prevented by employing good procedural controls so that employees dont accidentally install it in the first place. Moreover, technical controls such as ad-blockers, firewalls and packet filtering can further reduce the risk of spyware infiltration as well as mitigate damage. Backdoor Viruses: These malware try to infiltrate computer systems by various means, similar to spyware, but instead of passively collecting data they try to actively control the computer systems and use them to conduct various activities, many of which may be illegal such as DDoS attacks, or otherwise harmful to the owner of the system as well as others. Procedural and technical controls both need to be in place to prevent backdoor viruses from infiltrating systems as well as mitigating damage. Data Theft: Data can be literally stolen by stealing away or making illegal copies of the storage media used to store that data, such as backend databases of organizations. Even if the database is secure against any network based attacks, an attacker can still physically access the database and copy it if sufficient physical controls such as security checkpoints, computer surveillance, and locks are not in place. Once data theft occurs, there is little choice for damage mitigation as the theft may not even come into notice until it is too late. Packet Sniffing: It is possible for attackers to secretly intercept data packets used for communication in a network, especially over public networks, and then analyze the data within in order to gain the required information to break through a networks security mechanisms. To prevent this, it is necessary to adopt a number of technical controls such as network security protocols, data encryption and other cryptographic control mechanisms, as well as some procedural controls such as password policies and key management policies. The same controls, if implemented correctly, can double over for mitigation measures. 6.2.4 US-CERT Alerts: https://www.us-cert.gov/ncas/alerts Intel Securities (formerly McAfee) Security Bulletin: https://www.mcafee.com/in/threat-center/product-security-bulletins.aspx Symantec Security Response: https://www.symantec.com/security_response/ 6.2.5 A number of researchers and security analysts worldwide are constantly studying various protocols, algorithms, software, platforms, etc. for security vulnerability. Often, a security vulnerability is found by someone and published publically, resulting in the vulnerability becoming known to potential cyber criminals. Thus, there arises a period of risk during which the vulnerability can be exploited since the developer is still working on a security fix and the fix also needs time to be deployed. The period of time between the publication of the vulnerability and the fixing of the vulnerability is referred to as Zero Day. 6.2.6 Security can never be foolproof and the only way to mitigate risk is to constantly revise, update and upgrade security measures. Just as attackers are constantly trying to expose security flaws, security experts must also constantly work to uncover these vulnerabilities before attackers do and then work on a solution. Therefore, keeping the security system up-to-date is the only way to mitigate this risk. 6.3 Incident Detection and Response 6.3.1 As per data obtained from the Australian Law Reform Commission, currently there is no legal provision for mandatory reporting of incidents of data breach imposed on any agency or organization in Australia. The Privacy Act (1988) only imposes a requirement for agencies to take reasonable steps to safeguard any personal information they hold. The Australian Government has, however, recently invited public comment and recommendations for a bill that encompasses mandatory reporting of data breaches by organizations. 6.3.2 A generic procedure based on the given set of procedures can be derived and summarized into 6 steps, as follows: Preparation: For any given threat, it is necessary to gather all possible information on how the threat affects the system. Using this information, gather data about the system to be secured and identify the points at which various security measures need to be employed depending on the task of prevention, control, or damage mitigation. Identification: Counter-measures for a threat can only be taken after the threat has been completely identified, which includes the scope, targets, intentions, and victims of the attack or threat. In order to accomplish this, a number of sources of information should be consulted and the data compiled for analysis. Containment: In order to reduce the damage a threat or attack can cause, it is necessary to quarantine or isolate it. The exact details of this process are slightly dependent on the type of threat, but the overall procedure is the same compartmentalize the threat and ensure that it cannot affect more sub-systems than it already has. Remediation: Once a threat has been isolated, it can be removed from the system according to the nuances of the threat itself. Some threats can be removed simply by deleting the source files of the threat or applying security fixes to the platform or network, while others require detailed and careful repair of system files along with removal of malicious code. Recovery: Resume normal operation of the system in an organized, controlled manner, making sure that all system dependencies and sub-systems are working correctly and no artefacts of the threat or its mitigation measures have been left. Aftermath: Document the details of the threat, such as attack vectors, damage report, recovery measures, threat response, etc. in order to ensure that security can be upgraded to prevent future attacks of a similar nature. 6.4Security Baseline Penetration Testing: This is a type of testing technique employed to check the robustness of the security measures placed on a system by assuming the role of a malicious attacker and trying to breach the security system, all the time keeping track of the actions taken and the system response. Penetration testing is generally conducted after a security system is deemed to have been completely installed, as a final check before deployment. Penetration testing may be conducted by the same team as that which designed the security system or a separate team of specialists. It may also be conducted as either a white box test or a black box test. Penetration tests may attempt cycle through a number of attack vectors and combine low risk vulnerabilities, in order to test the scalability, automated response, and detection capability of the security system as well as document operational impact of breaches and test the need for additional investment in security. Online Auditing: Auditing in the network security sense refers to activities such as control assessment and risk assessment which aim to keep track of the changes in a system and provide management with sufficient information about the system to make various decisions, such as detection of an active threat or a network security breach. Online auditing refers to the application of remote administration and automation technology to shift this task to a continuous background process so that the relevant information is collected and processed continuously without affecting the actual operation of the system. Online auditing systems work to provide information in real-time or almost real-time. Of course, auditing is not limited to network security vulnerabilities and can be extended to record almost any sort of information for the organizations internal purposes. 6.5.1 Three potential product and configuration security vulnerabilities: Cross Site Scripting (XSS): https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 This is for the setup of the OWASP structure with the inclusion of the cross site scripting structure. Remote File Inclusion (RFI): https://projects.webappsec.org/w/page/13246955/Remote%20File%20Inclusion The inclusion of the projects for the webappsec with handling all the remote standards. Local File Inclusion (LFI): https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion These are for the handling of the Owasp with proper testing of the local file structural setup. Best practices: https://sucuri.net/website-firewall/stop-website-attacks-and-hacks The attacks are based on the stopping of the website with the hacking setup. Alternate products: Apache Server: apache.org/ FileZilla Server: https://filezilla-project.org/ Lighttpd Server: https://www.lighttpd.net/ They are better because they are open source and more security measures are available. They are also available for all the platform and not just Windows. Proposed changes: Upgradation of system Firewall installation Removal of server from DMZ Check for more robust software Possible installation of a platform independent system 6.5.2 Three potential product and configuration security vulnerabilities: DoS: digitalattackmap.com/understanding-ddos/ These are for handling the digital mapping as well as understanding the data value. Buffer Overflow: https://www.owasp.org/index.php/Buffer_Overflow The overflow of the buffer rate is set under the owasp system with the hold of the different structural setups. Data corruption: https://www.techopedia.com/definition/14680/data-corruption The data corruption has been directed to the techopedia standard with the hold of the different security features. Best Practices: https://searchsecurity.techtarget.com/tip/FTP-security-best-practices-for-the-enterprise Alternate products: SmartFTP: https://www.smartftp.com/ CuteFTP: cuteftp.com/products.aspx Globalescape: https://www.globalscape.com/ They are better because they are open source and more security measures are available. They are also available for all the platform and not just Windows. Proposed changes: Encryption in file transfer Use of more robust system Possible use of platform independent system Use of a dedicated file server Updating the current system 6.5.3 Three potential product and configuration security vulnerabilities: Buffer Overflow: https://www.owasp.org/index.php/Buffer_Overflow Cache Poisoning: https://www.owasp.org/index.php/Cache_Poisoning DoS: digitalattackmap.com/understanding-ddos/ Best Practices: https://technet.microsoft.com/en-us/library/cc959288.aspx Alternate products: Google DNS: https://code.google.com/speed/public-dns/ OpenDNS: https://www.opendns.com/ Advantage DNS: https://www.dnsadvantage.com/ They are better because they are open source and more security measures are available. They are also available for all the platform and not just Windows. Proposed changes: Change of standalone server to a web server Addition of external domain name to all servers to make it accessible Updating the current system Use of platform independent system Use of authorization in server 6.5.4 Three potential product and configuration security vulnerabilities: Email Injection: https://resources.infosecinstitute.com/email-injection/ Malware: pctools.com/security-news/what-is-malware/ Spamming: https://spam.abuse.net/overview/whatisspam.shtml Best practices: getvero.com/resources/guides/email-marketing-best-practices/ Alternate products: Claws Mail: https://www.claws-mail.org/ Thunderbird: https://www.mozilla.org/en-US/thunderbird/ Zimbra Desktop: https://www.zimbra.com/products/desktop.html They are better because they are open source and more security measures are available. They are also available for all the platform and not just Windows. Proposed changes: Outlook is bulky, and hence, more lighter and robust system should be used. The server should be placed in a secure zone. The web access should be made through dedicated email server. Open source client should be used. Platform independent client should be used. 6.5.5 Three potential product and configuration security vulnerabilities: DoS: https://www.cvedetails.com/cve/CVE-2005-3673/ Heap based buffer overflow: https://www.cvedetails.com/cve/CVE-2004-0699/ Buffer overflow: https://www.cvedetails.com/cve/CVE-2004-0469/ Best practices: cisco.com/c/en/us/about/security.../firewall-best-practices.html Alternate products: GlassWire: https://www.glasswire.com/ TinyWall: https://tinywall.pados.hu/ Gufw: https://gufw.org/ They are better because they are open source and more security measures are available. They are also available for all the platform and not just Windows. Proposed changes: Use of same firewall across all system and network. Use of open source system. Use of platform independent system. Use of a robust system, so that speed can be increased for the system. Renewal of firewall. Reference Cai, H. L., Deng, L. Y. Q., Xue, T. M., Yu, X. (2015). Research and design of NVT plug-in module-based network security detection system. Ferreira, D., Kostakos, V., Beresford, A. R., Lindqvist, J., Dey, A. K. (2015, June). Securacy: an empirical investigation of Android applications' network usage, privacy and security. InProceedings of the 8th ACM Conference on Security Privacy in Wireless and Mobile Networks(p. 11). ACM. Shin, S., Wang, H., Gu, G. (2015). A First Step Toward Network Security Virtualization: From Concept To Prototype.Information Forensics and Security, IEEE Transactions on,10(10), 2236-2249. Porras, P. A., Cheung, S., Fong, M. W., Skinner, K., Yegneswaran, V. (2015, February). Securing the Software Defined Network Control Layer. InNDSS. Sadeghi, A. R., Wachsmann, C., Waidner, M. (2015, June). Security and privacy challenges in industrial internet of things. InProceedings of the 52nd Annual Design Automation Conference(p. 54). ACM. Vasilakos, A. V., Li, Z., Simon, G., You, W. (2015). Information centric network: Research challenges and opportunities.Journal of Network and Computer Applications,52, 1-10. Attipoe, A. E., Yan, J., Turner, C., Richards, D. (2016). Visualization Tools for Network Security.Electronic Imaging,2016(1), 1-8.Networking.