Free Essay

Final Csec640

Submitted By ajjoy
Words 4874
Pages 20
Question

1. [16 points total, TCP/IP]
a. Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly can be done only at the final destination. What problems do you see if IP reassembly is attempted in intermediate devices like routers? [8 points]
Answer: It's important to understand that while reassembly is the complement to fragmentation, the two processes are not symmetric. A primary difference between the two is that while intermediate routers can fragment a single datagram or further fragment a datagram that is already a fragment, intermediate devices do not perform reassembly. There are a number of reasons why the decision was made to implement IP reassembly this way. Perhaps the most important one is that fragments can take different routes to get from the source to the destination, so any given router may not see all the fragments in a message. Another reason is that requiring routers to reassemble fragments would increase their complexity. Finally, as we will see, reassembly of a message requires that we wait for all fragments before sending on the reassembled message. Having routers do this would slow routing down. Since routers don't reassemble, they can immediately forward all fragments on to the ultimate recipient.
However, there are drawbacks to this design as well. One is that it results in smaller fragments traveling over longer routes than if intermediate reassembly occurred. This increases the chances of a fragment going missing and the entire message being discarded. Another is a potential inefficiency in the utilization of data link layer frame capacity. In the example above, the 1,300-byte fragments would not be reassembled back into a 3,300 byte datagram at the end of the 1,000-MTU link. If the next link after that one also had an MTU of 3,300, we would have to send three frames, each encapsulating a 1,300-byte fragment, instead of a single larger frame, which is slightly slower.
b. Let’s assume that Host A (receiver) receives a TCP segment from Host B (sender) with an out-of-order sequence number that is higher than expected as shown in the diagram. Then, what do Host A (receiver) and host B (sender) do? [8 points]
Answer: When Host B (sender) sends TCP segments with an out-of-order sequence number that is higher than expected to Host A (receiver), the receiver fails to receive the TCP segments, which is detected by the TCP/IP protocol. After detecting the segments, TCP/IP recovers them. After reassembly, the data is sent back to the sender, where the sequence is good enough to be received by the receiver, Host A. In this process the transmission of data occurs in a good and effective way.
2. Describe or propose a way to detect ARP spoofing attack. What could be a possible weakness in your proposed method? Please do not discuss any prevention method (e.g., port security is an example of a preventive method). [8 points]
Answer: The Address Resolution Protocol (ARP) due to its statelessness and lack of an authentication mechanism for verifying the identity of the sender has a long history of being prone to spoofing attacks. ARP spoofing is sometimes the starting point for more sophisticated LAN attacks like denial of service, man in the middle and session hijacking. The current methods of detection use a passive approach, monitoring the ARP traffic and looking for inconsistencies in the Ethernet to IP address mapping. The main drawback of the passive approach is the time lag between learning and detecting spoofing. This sometimes leads to the attack being discovered long after it has been orchestrated. In this paper, we present an active technique to detect ARP spoofing. We inject ARP request and TCP SYN packets into the network to probe for inconsistencies. This technique is faster, intelligent, scalable and more reliable in detecting attacks than the passive methods. It can also additionally detect the real mapping of MAC to IP addresses to a fair degree of accuracy in the event of an actual attack.
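The passive approach described above, as an added example that is not part of the original answer: a monitor that learns IP-to-MAC bindings from ARP traffic and alerts when a binding changes. All addresses and observations are constructed, and the class and function names are hypothetical. The second data set shows a limitation of learning from traffic: a spoofed binding that is seen first is trusted, and the legitimate host is then flagged instead.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ArpObservation:
    ts: float          # seconds since the start of the capture
    sender_ip: str     # "sender protocol address" field of the ARP packet
    sender_mac: str    # "sender hardware address" field of the ARP packet


@dataclass(frozen=True)
class Alert:
    ts: float
    ip: str
    known_mac: str     # binding the monitor had already learned
    seen_mac: str      # conflicting binding just observed


@dataclass
class PassiveArpMonitor:
    bindings: Dict[str, str] = field(default_factory=dict)
    alerts: List[Alert] = field(default_factory=list)
    _reported: Set[Tuple[str, str]] = field(default_factory=set)

    def observe(self, obs: ArpObservation) -> Optional[Alert]:
        known = self.bindings.get(obs.sender_ip)
        if known is None:
            # First sighting: nothing to compare against, so it is trusted.
            self.bindings[obs.sender_ip] = obs.sender_mac
            return None
        if obs.sender_mac == known:
            return None
        # Conflict: keep the learned binding and alert once per (ip, mac)
        # so repeated spoofed replies do not flood the alert list.
        key = (obs.sender_ip, obs.sender_mac)
        if key in self._reported:
            return None
        self._reported.add(key)
        alert = Alert(obs.ts, obs.sender_ip, known, obs.sender_mac)
        self.alerts.append(alert)
        return alert


def run(observations: List[ArpObservation]) -> List[Alert]:
    """Feed observations in time order and return the alerts raised."""
    monitor = PassiveArpMonitor()
    for obs in sorted(observations, key=lambda o: o.ts):
        monitor.observe(obs)
    return monitor.alerts


# Constructed sample: the gateway and one host are learned first, then a
# different MAC starts claiming the gateway's IP address.
LEARNED_THEN_SPOOFED = [
    ArpObservation(1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpObservation(2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ArpObservation(30.0, "192.168.1.1", "de:ad:be:ef:00:66"),
    ArpObservation(31.0, "192.168.1.1", "de:ad:be:ef:00:66"),
    ArpObservation(32.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
]

# Constructed sample: the spoofed binding is on the wire before the monitor
# has seen the real gateway, so the real gateway looks like the anomaly.
SPOOFED_BEFORE_LEARNING = [
    ArpObservation(0.5, "192.168.1.1", "de:ad:be:ef:00:66"),
    ArpObservation(5.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
]

if __name__ == "__main__":
    for name, data in (("learned first", LEARNED_THEN_SPOOFED),
                       ("spoofed first", SPOOFED_BEFORE_LEARNING)):
        for a in run(data):
            print(f"[{name}] t={a.ts}: {a.ip} was {a.known_mac}, "
                  f"now claimed by {a.seen_mac}")
```
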
3. [Wireless LAN Security-WEP] What is the main difference between the FMS attack and Chopchop attack? Clearly explain your answer [8 points]
Answer: Fluhrer, Mantin and Shamir published the first key recovery attack on WEP in 2001, which is called the FMS attack. Their attack is based on the idea that an attacker who listens passively to the traffic of a WEP protected network can record a lot of encrypted packets, including the initialization vectors used for these packets. Because the first bytes of the plain text of most packets are easily predictable, the attacker is able to recover the first bytes of the key streams used to encrypt these packets. The initialization vector is transmitted unprotected with the packets, so the attacker initially also knows the first 3 bytes of the per-packet key for all packets. All following bytes of the per-packet key are the same for all packets, but are initially unknown to the attacker.
The Chopchop attack allows an attacker to interactively decrypt the last $m$ bytes of plain text of an encrypted packet by sending $m \cdot 128$ packets on average to the network. The attack does not reveal the root key and is not based on any special properties of the RC4 stream cipher.
We can summarize the Chopchop attack as follows. Before encryption, a four-byte CRC32 checksum named ICV is appended to the data of the packet. The packet with the trailing checksum, $P$, can be represented as an element of the polynomial ring $F_2[X]$. If the checksum is correct, $P \bmod P_{CRC} = P_{ONE}$ holds, where $P_{ONE}$ is a known polynomial and $P_{CRC}$ is a known polynomial too, which is irreducible. We can write $P$ as $Q X^8 + R$. Here $R$ is the last byte of $P$ and $Q$ is all the remaining bytes. When the encrypted packet is truncated by one byte, $Q$ will most probably have an incorrect checksum.
4. A huge enterprise decides to use a symmetric encryption to protect routing update messages between its own routers (i.e. entire routing update messages are encrypted by a strong shared symmetric key). They think this will prevent routing table modification attacks. Do you think their decision is appropriate? Do you see any problems or issues with their decision? [10 points]
Answer: I think their decision is appropriate in order to protect routing update messages between its own routers, using two types of symmetric key distribution approaches for securing BGP messages. In the first approach, a centralized controller establishes the necessary keys among the BGP routers; hence, we call protocols using this approach centralized key distribution protocols. In the second approach, we assume that a centralized controller does not exist and each AS distributes the necessary keys to the BGP routers of other ASes. We call key distribution protocols using this approach distributed key distribution protocols. A main objective of BGP is to advertise the routing path information for IP prefixes. Towards this, BGP routers initiate TCP connections with other BGP peers and exchange the path information in the form of BGP update messages. For this discussion, we represent an update message as a tuple (prefix, as path), where the prefix denotes what the message needs to advertise or withdraw, and the as path denotes the sequence of ASes through which this update message has traversed. When a BGP router receives an update message, it will concatenate the as path field of the message with its AS number and propagate the message to other neighbouring ASes. When a BGP router receives multiple paths for the same prefix, the router chooses the best path based on its own criteria. Although BGP update messages can be used to advertise as well as withdraw IP prefixes, without loss of generality, we assume that update messages contain prefix advertisements.
5. An ACK scan does not provide information about whether a target machine’s ports are open or closed, but rather whether or not access to those ports is being blocked by a firewall. If there is no response or an ICMP "destination unreachable" packet is received as a response, then the port is blocked by a firewall. If the scanned port replies with a RST packet, then the ACK packet reached its intended host, so the target port is not being filtered by a firewall. Note, however, that the port itself may be open or closed.
Describe a rule (or a set of rules) that could be used by Snort to detect an ACK scan. Clearly express your assumption and explain your rules. Do you think Bro can do a better job detecting an ACK scan? Explain your answer. [15 points]
Answer: Snort is a widely used network intrusion detection and prevention system (NIDS/NIPS). It gained popularity because of its powerful detection system based on rules, which are shared in public by users and Snort administrators. Snort and its rule updates are open source and free for public use and modification, with the capability to detect specific network activity and flexibility in rule generation. A rule can have any number of rule options separated by semicolons, and the options are always enclosed within parentheses. An option is composed of three parts:
1. Option keyword – identifies the option you want to use
2. Semicolon – separates the keyword from value
3. Option value – the value you want to pass to the option keyword
A set of basic Snort rule options is as follows:
msg – The value you provide in this field will be the message written on the alert and packet logs.
- e.g. (msg:"Web traffic to Intranet";)
sid – The keyword used to identify rules in Snort. Output modules or log scanners can use the SID to uniquely identify rules. Authors have reserved SID ranges for rules as shown below:
a. Range 0-99 is reserved for future use.
b. Range 100-1,000,000 is reserved for rules that come with the official Snort distribution. Well-known Snort rules have these IDs.
c. IDs above 1,000,000 are used for custom rules on a network.
logto – Tells Snort to log the packet to a custom file name instead of the standard output file.
- e.g. (logto:"web_server_logs_Jan_2010.log";)
minfrag – Sets the threshold value for the smallest acceptable IP fragment size. This is useful in detecting attack mechanisms that break fragments into small pieces of data before sending them into the target network to avoid detection.
- e.g. (minfrag:256;)
dsize – Sets the payload size the packet should have for a match to happen. We can add a greater-than (>) or less-than (<) sign to match for inequality. The format is (dsize:[<|>]NUMBER;).
- e.g. (dsize:>1500;) – match for giants
- e.g. (dsize:<64;) – match for runts
content – Searches for a pattern in the packet’s payload. This is useful in finding suspicious URLs, embedded malicious code, content encoding and other known string patterns malware leaves in the payload.
- e.g. (content:"<?php>while(;;){alert(Pwnd!);}<php>";)
- e.g. (content:"Accept-Encoding: bbbbbbbbblate";)
flags – Checks the TCP flags for certain values. This can be useful in detecting unusual network behavior like FIN scans.
- There are 8 flag variables available in Snort:
F – FIN (LSB in TCP Flags byte)
S – SYN
R – RST
P – PSH
A – ACK
U – URG
2 – Reserved bit 2
1 – Reserved bit 1 (MSB in TCP Flags byte)
- e.g. alert tcp any any -> any any (flags: SF,12; msg: "Possible SYN FIN scan";)
seq – Refers to the TCP sequence number field for a specific value. Not used very much since sequence numbers are randomly generated.
- e.g. (seq:45992;) detects packets with sequence number equal to 45992
ack – This rule option keyword refers to the TCP header’s acknowledge field. Its only practical purpose so far is to detect NMAP TCP pings. A TCP NMAP ping works by setting this field to zero and sending a packet with the TCP ACK flag set to determine if a network host is active.
- e.g. (flags: A; ack: 0; msg: "NMAP TCP ping";)
itype – Checks the ICMP type field against a specific value. This could be used to detect invalid ICMP packets with an incorrect itype value, which can be used in DoS attacks like flooding.
- e.g. (itype:8;) detects ICMP echo
- see http://www.iana.org/assignments/icmp-parameters for ICMP type numbers
icode – Tests the ICMP code field against a specific value.
- see http://www.iana.org/assignments/icmp-parameters for more info on the different ICMP icode values and their meaning
- like itype, icode can be used to detect suspicious ICMP packets with incorrect icode values. These packets may be used in spoofing, flood obfuscation and DoS attacks.
- e.g. (icode:3;) match for ICMP Destination unreachable
session – Dumps the application layer information for a given session. This is a very useful rule option. It allows us to print information inside the packet that may be related to user name, password, executed commands, etc.
- e.g. alert tcp any any -> any 21 (content:"FTP Session Data"; session:printable;) generates an alert, then prints the FTP session to standard output.
offset – Modifier for the content option; sets the offset at which to begin attempting a pattern match, counted from the beginning of the packet payload. It is useful in detecting CGI scans wherein the search string cannot be found in the first 4 bytes of the payload. This can only be used when the content rule option was specified.
- e.g. (content:"CGI scan"; offset:5;)
- The first 5 bytes will be skipped for matching. The string pattern "CGI scan" will be matched from the 6th byte onwards.
depth – Modifier for the content option; sets the maximum search depth for a pattern match attempt. As with offset, the content keyword must have a value for this to be used. It can be said that depth tells how far Snort will search for content matching.
- e.g. (content:"CGI scan"; depth:10;)
- The string pattern "CGI scan" will be matched only in the first 10 bytes.
ttl – Checks the IP header’s Time-To-Live field value for an exact match.
- e.g. (ttl:1;)
id – Checks the IP header’s fragment ID field for a specific value.
- e.g. (id:31337;)
ipopts – This keyword is used to look for IP options in an IP header, if there are any. IP options can be attached at the end of IP headers and can take up to 40 bytes of space. These options are commonly used for:
- Record Route (rr)
- Time Stamps (ts)
- Loose Source Routing (lsrr)
- Strict Source Routing (ssrr)
Bro’s scan detection has since been modified to incorporate a threshold random walk approach. Various algorithmic approaches to detecting scans have also been developed. For example, the Graph-based Intrusion Detection System, GrIDS, recognizes scans based on the structures the communications form when inserted into a graph. Leckie and Kotagiri use probabilistic modeling to determine how likely it is that a source will contact a particular destination IP address or port, using the conditional probabilities to determine if a source is scanning. Robertson et al. developed a method based on the traffic returned to a source, where no response or a RST-ACK was indicative of scanning. Approaches based on visual representation of connection data have also been developed for detecting port scans (e.g., Muelder et al.). However, the threshold random walk (TRW) approach to detecting port scans developed by Jung et al. [6] has become the gold standard for scan detection, and has been used for activities such as worm detection and quarantine. Their approach uses sequential hypothesis testing, where each new connection request from an external source is evaluated. If the destination exists, then there is more support for the source being benign (or, rather, not scanning). However, if the destination does not exist, then there is more support for the source to be scanning. Once the hypothesis that the source is scanning has been accepted or rejected, the source is labelled with the result. The use of sequential hypothesis testing allows the user to customize variables based on the density of hosts on their network and on the desired detection.
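The sequential hypothesis test behind TRW, as an added example that is not part of the original answer and is not Bro's own code. The probabilities and error targets below are assumed values chosen for illustration, the events are constructed, and only the first contact to each distinct destination updates a source's score.

```python
import math
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

# Assumed model parameters (tune to the density of live hosts on the network).
THETA_BENIGN = 0.8    # P(first contact reaches an existing destination | benign)
THETA_SCANNER = 0.2   # P(first contact reaches an existing destination | scanner)
P_DETECT = 0.99       # desired detection probability
P_FALSE_POS = 0.01    # tolerated false positive probability

# Decision thresholds and per-outcome steps, kept in log space so that a long
# run of outcomes cannot underflow or overflow the likelihood ratio.
LOG_UPPER = math.log(P_DETECT / P_FALSE_POS)              # accept "scanner"
LOG_LOWER = math.log((1 - P_DETECT) / (1 - P_FALSE_POS))  # accept "benign"
STEP_SUCCESS = math.log(THETA_SCANNER / THETA_BENIGN)     # negative step
STEP_FAILURE = math.log((1 - THETA_SCANNER) / (1 - THETA_BENIGN))  # positive


@dataclass
class SourceState:
    log_ratio: float = 0.0
    contacted: Set[str] = field(default_factory=set)
    verdict: str = "pending"


class TrwDetector:
    def __init__(self) -> None:
        self.sources: Dict[str, SourceState] = {}

    def observe(self, src: str, dst: str, destination_exists: bool) -> str:
        """Update the walk for src and return its current verdict."""
        state = self.sources.setdefault(src, SourceState())
        # A labelled source stays labelled; repeat contacts to the same
        # destination carry no new evidence and are ignored.
        if state.verdict != "pending" or dst in state.contacted:
            return state.verdict
        state.contacted.add(dst)
        state.log_ratio += STEP_SUCCESS if destination_exists else STEP_FAILURE
        if state.log_ratio >= LOG_UPPER:
            state.verdict = "scanner"
        elif state.log_ratio <= LOG_LOWER:
            state.verdict = "benign"
        return state.verdict


def classify(events: Iterable[Tuple[str, str, bool]]) -> Dict[str, str]:
    """Run (src, dst, destination_exists) events through one detector."""
    detector = TrwDetector()
    for src, dst, exists in events:
        detector.observe(src, dst, exists)
    return {src: st.verdict for src, st in detector.sources.items()}


def failures_needed() -> int:
    """Consecutive failed first contacts required to label a source a scanner."""
    return math.ceil(LOG_UPPER / STEP_FAILURE)


# Constructed events: one source probing addresses that do not exist, one
# source talking to live hosts (with repeats), one with mixed results.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"10.0.0.{i}", False) for i in range(1, 6)]
    + [("198.51.100.9", "10.0.0.10", True)] * 3
    + [("198.51.100.9", f"10.0.0.{i}", True) for i in (11, 12, 13)]
    + [("192.0.2.50", "10.0.0.10", True), ("192.0.2.50", "10.0.0.99", False)]
)

if __name__ == "__main__":
    for source, verdict in classify(SAMPLE_EVENTS).items():
        print(source, verdict)
    print("failed first contacts needed:", failures_needed())
```
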
6. Explain the main difference between SQL injection and XSS attacks. [10 points]
Answer: In a SQL injection attack, an attacker can inject SQL into input taken from a form, as well as through the fields of a cookie. Your input validation logic should consider each and every type of input that originates from the user, be it form fields or cookie information, as suspect. Also, if you discover too many alerts coming in from a signature that looks out for a single-quote or a semi-colon, it just might be that one or more of these characters are valid inputs in cookies created by your Web application. Therefore, you will need to evaluate each of these signatures for your particular Web application. A trivial regular expression to detect SQL injection attacks is to watch out for SQL-specific meta-characters such as the single-quote (') or the double-dash (--).
XSS is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems they rely on. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Therefore, these scripting attacks are a special case of code injection.
7. As shown in the above diagram, Kevin, the system admin, installed a text-message sender and a text-message receiver in a Multi-Level-Secure (MLS) environment. In the MLS environment, two security levels exist (i.e., Unclassified (Low) and Classified (High) levels). His goal is to enforce the Bell-LaPadula (BLP) access control model in the network. In a nutshell, the BLP model defines two mandatory access control rules:
No Read Up Rule: a subject (Low) at a lower security level must not read an object (High) at a higher security level. Simply, a Low entity cannot have read-access to a High object.
No Write Down Rule: a subject (High) at a higher security level must not write to any object (Low) at a lower security level. Simply, a High entity cannot have write-access to a Low object.
In this scenario, enforcing the BLP model means no confidential information flows from Classified LAN (High) to Unclassified LAN (Low). However, information can still flow from Unclassified LAN to Classified LAN.
To achieve his goal, he configured both text message sender and receiver as follows:
· The text message sender is configured to send a text message to the text message receiver via TCP/IP protocol.
· The text message receiver is configured to receive a simple text message from the sender via TCP/IP protocol.
· The following IP/port is given to each machine:
o Text message sender: 192.168.2.2 and port 9898 is open
o Text message receiver: 192.168.3.3 and port 9999 is open
o A text message is allowed to be sent only from port 9898 of 192.168.2.2 (sender) host to port 9999 of 192.168.3.3 (receiver) host.
Part A) As you can see from the diagram above, the text message sender and receiver have been compromised by the adversary and the Trojan, respectively. However, the router with Snort IDS installed (router/snort) is securely protected and can be fully trusted.
Write efficient Snort rules and access control lists which will be implemented on the router/snort to detect or block confidential information leakage from High to Low. Write your rationale for writing your rules and access control lists. For example, if the text message receiver (Trojan at High LAN) attempts to send a text message (confidential information) to the text message sender (the adversary at Low LAN), the attempt will be either blocked by your access control list(s) or detected by your snort rule(s).
Do not write more than 5 rules and lists in total. At least one access control list must be included. [15 points]
Hint: Access control lists are discussed in Module 10 and snort rules are covered in Module 7 as well as Lab2. To see more snort options, please refer to chapter 3 of Snort User Manual 2.9.1 by the Snort Project (link: http://www.snort.org/assets/166/snort_manual.pdf)
Answer: Rule options follow the rule header and are enclosed inside a pair of parentheses. There may be one option or many and the options are separated with a semicolon. If you use multiple options, these options form a logical AND. The action in the rule header is invoked only when all criteria in the options are true. You have already used options like msg and ttl in previous rule examples. All options are defined by keywords. Some rule options also contain arguments. In general, an option may have two parts: a keyword and an argument.
Working with Snort Rules
Pass - This action tells Snort to ignore the packet. This action plays an important role in speeding up Snort operation in cases where you don’t want to apply checks on certain packets. For example, if you have a vulnerability assessment host on your own network that you use to find possible security holes in your network, you may want Snort to ignore any attacks from that host. The pass rule plays an important part in such a case.
Log - The log action is used to log a packet. Packets can be logged in different ways, as discussed later in this book. For example, a message can be logged to log files or in a database. Packets can be logged with different levels of detail depending on the command line arguments and configuration file. To find available command line arguments with your version of Snort, use the "snort -?" command.
Alert - The alert action is used to send an alert message when rule conditions are true for a particular packet. An alert can be sent in multiple ways. For example, you can send an alert to a file or to a console. The functional difference between Log and Alert actions is that Alert actions send an alert message and then log the packet. The Log action only logs the packet.
Activate - The activate action is used to create an alert and then to activate another rule for checking more conditions. Dynamic rules, as explained next, are used for this purpose. The activate action is used when you need further testing of a captured packet.
Dynamic - Dynamic action rules are invoked by other rules using the "activate" action. In normal circumstances, they are not applied on a packet. A dynamic rule can be activated only by an "activate" action defined in another rule.
Part B) Describe a way for the Trojan to covertly transmit 4 characters (e.g., A, B, C and D) to the adversary without being detected or blocked by your rules and access control lists provided in Part A. [9 points]
Answer: It has no access to the file. If the system does not tell its status, a file can be created with the same name to check for a name duplication error. The single bit that this one creation gives is not much, but with high-speed systems many files can be created or deleted, thus improving bandwidth. The number of file creations or deletions per second that can occur is the number of bits that can be transmitted.
The most common method of implementation is through malicious software or code. This is most often referred to as a Trojan horse. Trojan horses are malicious code which gains access to systems without the knowledge of the system administrators. These programs can be disguised as legitimate programs, such as e-mails, computer games, or other benign-looking files. Most often the Trojan is sent to a system user who will not realize that it is a Trojan, while some are placed in systems by the intruder directly. Once it gains access it disguises itself as a legitimate program so a firewall or virus scanner will not detect its presence. It can then begin to transmit through a covert storage channel.
8. [topic: IPsec VPN] What do you think are the advantages & disadvantages of using both AH and ESP protocols on the same end to end IPsec connection (transport mode)? In addition, it is recommended that the ESP protocol should be performed before the AH protocol. Why is this approach recommended rather than authentication (AH) before encryption (ESP)? [9 points]
Answer: "Authentication Header" (AH) and "Encapsulating Security Payload" (ESP) are the two main wire-level protocols used by IPsec, and they authenticate (AH) and encrypt+authenticate (ESP) the data flowing over that connection. They are typically used independently, though it's possible (but uncommon) to use them both together.
AH is used to authenticate, but not encrypt, IP traffic, and this serves the treble purpose of ensuring that we're really talking to who we think we are, detecting alteration of data while in transit, and (optionally) guarding against replay by attackers who capture data from the wire and attempt to re-inject that data back onto the wire at a later date. Authentication is performed by computing a cryptographic hash-based message authentication code over nearly all the fields of the IP packet (excluding those which might be modified in transit, such as TTL or the header checksum); this is stored in a newly added AH header and sent to the other end.
The ESP protocol provides one or both of encryption and packet authentication. ESP is a bit more complicated because the encapsulation surrounds the payload rather than precedes it as with AH: ESP includes header and trailer fields to support the encryption and optional authentication. It also provides Tunnel and Transport modes, which are used in by-now familiar ways. ESP can also optionally provide authentication, with the same HMAC as found in AH. Unlike AH, however, this authentication is only for the ESP header and encrypted payload: it does not cover the full IP packet. Surprisingly, this does not substantially weaken the security of the authentication, but it does provide some important benefits.
ESP may be used with or without AH packet authentication. Some form of packet authentication should always be used whenever data is encrypted. Without authentication, the encryption is vulnerable to active attacks which may allow an enemy to break the encryption. ESP should always either include its own authentication or be used with AH authentication. The RFCs require support for only two mandatory encryption algorithms, DES and null encryption, and for two authentication methods, keyed MD5 and keyed SHA. Implementers may choose to support additional algorithms in either category. The authentication algorithms are the same ones used in the IPsec authentication header.
Want an answer?

No answer yet. Submit this question to the community.
Ask question
Computer Science tutors who can help right now

Prashanth U.
MIT
129

Mayur D.
Sardar Patel University
151

Brian K.
University of California, Irvine
53

See more tutors
ABOUT CHEGG * Media Center * Chegg For Good * Brand Partnerships * Privacy Policy * Your CA Privacy Rights * Terms of Use * General Policies * Intellectual Property Rights * Investor Relations
RESOURCES
* Site Map * Mobile * Publishers * Join Our Affiliate Program * Advertising Choices
PUBLISHER PAGES * McGraw-Hill * Cengage * Pearson * Wiley * Elsevier
HELPFUL LINKS * Return Your Books * Rent Textbooks * eTextbooks * Used Textbooks * Cheap Textbooks * College Textbooks * Sell Textbooks * Chegg Study Help * Chegg Coupon * Solutions Manual * Scholarships * Career Search * Online Tutoring * Internships
COMPANY
* Chegg College Blog * Jobs * Customer Service * Give Us Feedback
Chegg Plants Trees

© 2003-2014 Chegg Inc. All rights reserved.
Over 5 million trees planted
<img src="http://www.chegg.com/_ajax/cheggpixel?ns=1" />
 Top Textbooks
 Top eTextbooks
 Top Textbook Solutions
 Sell your books
Asker Response %

Similar Documents

Premium Essay

Mba Essay

...I used to play soccer for a club,just for recreational purposes,in fact i was one of the cofounders of the team. The team we assembled was a mixture of young and old, and for this reason we were the laughing stock of the league, because all other teams were made up solely of young players, who were exceptionally talented. The team ended up on the wrong side of the score for the first few games we played, and got nicknamed the “whopping boys”. Eventually we grew tired of the nickname and of our performances on the field, and we decided to try and improve things, first thing we did was to elect a leader for the club. Even though i didnʼt want the job, i was voted into the position, and as the president it was my duty to represent my team when the league called for club meetings. At the time we were all students, so it was decided that we would all contribute towards any and all expenses,but unfortunately when you dealing with a blend of young and old, things donʼt always go according to plan, people constantly made up excuses for not showing up for practice, or for not contributing towards our equipment. Even though it wasnʼt my duty, i took it upon myself to ensure that every single player showed up for practice, i used to drive up to the houses of all those who didnʼt have any transportation. It was a tiring job, but i realized that if i wanted the team to be successful, i had to make certain sacrifices, some of which included taking money out of my own pocket...

Words: 750 - Pages: 3

Free Essay

1t210 Appendix a

...Axia College Material Appendix A Final Project Overview and Timeline Final Project Overview The final project consists of a checkout application. This application—similar to practical programs at many supermarkets—includes the following elements: • Complete requirements analysis • Design • Verification • Validation and test documentation The checkout application is a program that allows users to enter items and totals will be added up and results presented to the user. Requirements The requirements will change for each assignment section. This is because as we go along you will be able to add to the previous assignment using what you have learned during the course. Each assignment will require you to perform analysis and design and testing. We will learn more formal testing in week 6. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, some CheckPoints and assignments in the course are designed to assist you in creating your final project. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to complete your project successfully. □ Suggested in Week One: Read Appendix A regarding the final project overview and timeline. □ Due in Week Two: Initial Application Development □ Due in Week Four: Additional Application Development □ Due in Week Six: Final Application Development and Test Cases ...

Words: 262 - Pages: 2

Free Essay

Reflective Practise

...patient for hearing aid suitability. It was agreed that these three sessions encompassed all aspects in Audiology she may come across in her future career. For example, she can fit a hearing aid, she can assess a patient and she has learnt that not all fittings are straight forward, for those presenting with a unique problem(s). The end product is patient satisfaction, provide a solution for the patient and to support that in practise. Leanne has come on in leaps and bounds since her early days in the department. She is confident, but finds it difficult to ask questions. However, she does manage talk about things in the appointment through her reflective reporting. This is something I may need to talk with her about when I have the final meeting with her. But I am not overly concerned at this moment in time. The 3 reflective reports that Leanne produces is of good quality, informative and reasonably accurate. It also highlights aspects of training she mentions that we both have undertaken together in the appointment, so I suppose she is reporting her own training and that of mine in her words, that I can use as evidence that can be signed off. Each three reflective reports enclosed have been signed by myself and my mentor-supervisor, including this document. Trainee mentor…………………….print name………………….date:……………… Mentor-supervisor…………………print...

Words: 309 - Pages: 2

Premium Essay

Two Students Accounting Case

...the students are Bill and John. Bill believes that the completed-contract method is most like recognizing revenue at point of delivery because in the end the final product is delivered and has fulfilled any requirements to recognize revenue. John believes that percentage-of-completion is most like point of delivery and this allows a company to recognize revenue over time. I support Bill’s opinion that the completed-contract method is closest to recognizing revenue at point of delivery. The reason I support this is because while there is still construction taking place, as in the percentage-of-completion method, there still is no actual product being delivered. Along with no product being delivered, it is possible that the final product may never actually be made. If there’s a chance of the end product not being made then there is no way to recognize revenue for that product. Using the completed-contract method we hold off on recognizing any revenue until the final product is finished and delivered to the client. In my opinion completed contract fulfills the requirements of revenue recognition which are (1) the amount has to be realized / realizable and (2) the revenue must be earned. In completed contract at point of delivery the item can be considered earned now that it is completed and ownership has passed to the final customer. Percentage-of-completion does help serve large contracts that take years to complete so that a company can recognize some revenue every year. The problem...

Words: 364 - Pages: 2

Premium Essay

Term

...A statement presented in justification or explanation of a belief or action.
Sentence- The student gave the principal a reason why he talked back to his teacher.

Record- (v) Set down in writing or some other permanent form for later reference, esp. officially
Sentence- We recorded the notes so that I could use them on my test later in the year.

Relationship - (n) a connection, association, or involvement
Sentence- The relationship between those two people is brother and sister

Research – (v) to search or investigate exhaustively
Sentence- I researched the problem in the investigation to find out what happened.

Resolution – (n) The act of resolving or determining upon an action or course of action, method, procedure, etc.
Sentence- The final resolution on the argument between the two students was that they both got suspended.

Respond- (v) To reply or answer in words
Sentence- The student responded to the teacher because he was called on to answer the...

Words: 274 - Pages: 2

Free Essay

Title of Titles

...presentation of your findings, and manage the time and skills of your group members. The objective of this assignment is to persuade your audience/potential investors that you have identified an opportunity that fills an important gap in the market. You are asked to identify an idea for a new venture and conduct an environmental analysis (PEST, Five Forces, size of market) to prove that your idea is worth funding. Essentially, you are answering two questions: What is your idea and why does it represent a worthwhile opportunity in the business environment?

This project is worth 20 marks of your BU111 final grade and consists of three components:
• 4 marks for the New Venture Preliminary Report (hard copy due BEFORE Friday, October 12th at 12 noon; turnitin and peer evaluations due BEFORE Friday, October 12th at 12 midnight)
• 10 marks for the Final Report (hard copy due BEFORE Friday, November 16th at 12 noon and turnitin and peer evaluations BEFORE Friday, November 16th at 12 midnight)
• 6 marks for the New Venture Presentations (done in Labs #10 or #11 as assigned by TA – peer evaluations due BEFORE Wednesday, December 5th at 12 midnight)

Details on what is required and how to complete and submit each of the above components are provided below.

New Venture Idea Qualification

In order for your new venture idea to qualify as a legitimate opportunity, it should possess the following three essential characteristics: 1) creates value...

Words: 4304 - Pages: 18

Free Essay

Cougars on the Bay

...Utter chaos or sheer comical genius? The Eric Andre Show transcends what most people typically think of in terms of a variety show. This man has taken his talents as a comedian and created something that is truly unforgettable. The show on Wednesday, September 19 started with Eric Andre running out on stage throwing beer, sandwiches, what seemed to be chicken carcasses, and many other objects out into the crowd as he jumped off stage and began to run through the dense mass of people pushing, shoving, and simply making a riot amongst the observers. He disappeared and shortly after appeared back on stage fully naked running around the set. Things slowly settled down and it was time for his first guest, Russell Brandt. The crowd grew eager and when he finally came on stage, it was clear that it was in fact not he. Either that, or Russell Brandt changed his image to that of a malnourished Philadelphian homeless person. Once on stage “Brandt” sang a song, in what seemed to be English accompanied by a plastic guitar and a 2 liter bottle filled with some unknown foamy liquid that eventually also ended up in the crowd. His next two guests consisted of a local juggler and Freeway, who is a native rapper of North Philadelphia. It was clear that neither of the two were aware of what they were actually participating in. Right as the juggler was about to begin his performance, the lights dimmed and Doc Chicken emerged. This was nothing more than a rubber chicken with a stethoscope...

Words: 537 - Pages: 3

Premium Essay

Conflict Scenorio

...One of the strategies we discussed to resolve the conflict was (1) Meet with the three employees to discuss their ideas, (2) Meet with Jan and Marc to understand why they are unable to come to an agreement or compromise, (3) As the manager direct each employee to develop and present their ideas about the ad to a management team. The first strategy we discussed was to have a meeting with Jan, Sally, and Marc to find out why and how we could help them come to a decision about the ad. Allow each employee to present what ideas they have for the ad. As the manager listen to the idea, explain to them your views on what makes a successful ad, and make any suggestions for improvement on the ideas, if needed. Feedback is welcome, but we have a deadline to meet. Ask each one of them what they can produce to help promote this ad. Also remind them that they have been successful in the past and we are sure you can work together to solve this conflict. It’s about compromising. The second strategy is meeting with Jan and Marc, since they were unable to compromise. Even though they worked very well together in the past and Sally tried to get them to come to an agreement they could not set their personal values aside. The manager needs to be the negotiator to guide employees to see others views. Compromise is the key to good negotiation. You need to be able to give in a little to get closer to what you want. Have Marc and Jan present their ideas for the ad, give feedback on...

Words: 481 - Pages: 2

Free Essay

Team Charter

...Attendance & Contribution:
• Everyone should contribute to the assignment on a daily basis and inform the team of any issue if there is any exception.
• Participate in decisions about group planning, assignments, etc.
• If one cannot contribute for whatever reason, please notify in a timely manner.
• Participation is a must at least three times weekly if discussion is required.

Assignment Submission:
• Meet assignment deadlines agreed to by the team to allow for final submission on time.
• Due date for individual contributions should be set as Friday by noon for each team assignment, giving the team lead ample time to compile and submit the project by Sunday.
• We should be able to target the submission timeline a day before so that we have enough time to react to any contingency.

Team work:
• We should work together as a team to deliver the assignment and utilize the strengths of each other.
• Make sure that we are unified in the final product.
• Be open and willing to do one’s part

Weekly Meetings:
• A weekly meeting should be held so that the defining of roles for each assignment can be done.
• We should meet weekly once in the beginning of the assignment, no later than Wednesday, to define roles, assigning a team lead and assignment delivery structure.
• Stay in contact with team members via forum or email at least 3 times weekly.
• Communicate fairness issues openly and professionally

Exceptions:
• Team lead and team member should be notified immediately if there is...

Words: 381 - Pages: 2

Premium Essay

Managers Perspective

...team and the reasons – Our team worked very well together on the project. We divided up the work load and each team member submitted a chapter. Everyone checked the group discussion board every day and made comments when appropriate. 2) how you and your team members might have worked better together and what you would do differently if you were to work together again – We worked very well together on the project, as we have done throughout the class. We each individually did research and submitted a chapter. Everyone was involved in editing and making suggestions for improvement of the final paper. 3) what could improve this activity, anything in the course content or anything the instructor might do in the future – I would like to have had more experience in working with the Excel templates provided on the text CD-ROM and it would have been insightful to tie this in with our final project. Names of Team Members In the table below, list your own name as the 1st team member. Then list the names of the other members of your team. You probably have fewer than seven members—just use as many rows as you need. Ratings To rate yourself and the rest of your team use this scale and mark an “x” to show your rating: 5 = exceptionally superior; 4=completely satisfactory 3 = sufficiently supportive; 2 = barely there but valuable; 1 = undesirable or interfering Rationale For each team member, state the role, overall contribution, and reasons for your rating. Keep your comments brief...

Words: 410 - Pages: 2

Free Essay

Edu 644 Week 3 Dq 1 Website Sharing and Feedback

...feedback you give and receive will support enhancements to your website as you continue to develop it throughout the course leading up to the final evaluation in Week Six. Review the Week Three Instructor Guidance for further details about participating in this discussion.

Initial Post: Create an initial post that includes a link to your website created for the Week Two Assignment and that addresses the following:
a. Discuss your experience creating the website. Note any challenges you experienced and how you overcame them.
b. Share something that you learned while constructing your own website and discuss what you have enjoyed or disliked most about the process of creating the website thus far.
c. Reflecting on what your finished website will look like, describe your vision for the website’s design and content and how you can potentially use this as a personal resource or in your current or anticipated professional practice.

Guided Response: Respond to a minimum of two peers. Make an effort to respond to two peers that you didn’t engage with in the previous discussions. In responses, provide feedback to your peers about their website’s design and their working definition of at-risk. Additionally, provide constructive recommendations for how your peers can enhance their websites and definitions to meet the expectations for the final submission in Week Six. Though two replies is the basic expectation, for deeper engagement and learning you are encouraged to provide responses...

Words: 312 - Pages: 2

Free Essay

Edu 644 Week 6 Final Creating a Web-Based Resource for a Population at Risk

...Throughout this course, you have had the opportunity to examine various populations at risk and learn about strategies and resources to support these groups. You have reviewed many websites that offer services for a variety of populations at risk as well, which have hopefully served as models for your website that is finalized for this Final Project. In the Final Project, you will demonstrate mastery of the five course learning outcomes by completing the website resource you have been designing throughout the course that describes what you learned about children and families at risk as well as a specific population you selected as a focus during Week Five. Additionally, the website you create here may be an effective artifact to include in your MAED program eportfolio during your enrollment in the Capstone, EDU695, and will likely be useful to you as a resource for future professional work with your chosen population at risk from this project. Create your Final Project using the content and written communication instructions below. Use the Grading Rubric to review your Final Project before submission to ensure you have met the distinguished performance for each of the components described below. For additional assistance, review the Week Six Instructor...

Words: 1331 - Pages: 6

Free Essay

Technology Management

...based on the activity and the on the week. The final budget has been calculated based on the phases. The detailed information is as follows:

Time and Cost:

| Phase | Activities | Tasks | Deliverables | Dates | Cost |
| Project Requirements | Develop Business Requirements. | Collect Requirements from client and register a domain name. Draft the proceedings and document them. Produce a final version of the Business Requirements. (User Signoff) | Preliminary Business Requirements | 6/16/2014 | $360 |
| | Develop Technical Requirements. | User need to fill the form and register. Provide security by using secure pages such as HTTPS. Estimate hosting space for website. Identify appropriate website development platform and suggest to the client. Draft the proceedings and document them. Produce a final version of the Technical Requirements. (User Signoff) | Preliminary Technical Requirements. | 6/23/2014 | $400 |
| | Develop User requirements. | Collect required webpages names. Collect menu navigation requirements. Collect Access Requirements from client. | User Requirements. | 06/30/2014 | $160 |
| | | Draft the proceedings and document them. Produce a final version of the User Requirements. (User Signoff) | | | |
| Website Development | Develop Front end of website. | Establish Design of the Website. Create Design Elements. Develop overall layout. Assign content elements to webpages. Draft the proceedings and document them. Produce a final version of the Front end. (User Signoff) | Front...

Words: 787 - Pages: 4

Premium Essay

Manager

...them more appealing and increasing their probabilities of leading the financing. However, they chose to bid to lose, with just enough terms to get into the second round to "protect their reputation", but not to lead. The deal started to become more attractive with the possibility of Disney awarding a sole lead arranger mandate and with the increased potential for a successful syndication. At this point, after Chase made it through the first round, they decided on a more aggressive final proposal where they would be very close to meeting most of Disney’s demands in order to win the deal. Although it may not be aggressive enough to lead in the first bid, it’s still a good strategy to pretend to bid to lose but make the short list and then bid to win. Three reasons: (1) not too aggressive from the very beginning, making the economics not so appealing, especially considering other competitors will bid very aggressively. (2) but aggressive enough to enter the short list. (3) not afraid to lose. If the final condition is not fit for profit purpose, may out.

2. Standard Commitment Letter

The standard commitment letter established by Chase for the Disneyland project would have the following terms:
1. HK$300 million loan.
2. 15-year maturity.
3. A provision that allowed repayments to start as late as three years after opening.
4. Chase would underwrite the full...

Words: 392 - Pages: 2

Free Essay

Reference

...under production supervisor testing for quality assurance. The labor had a certain target in production per day unit where my role was to check the cracks developed due to excess heat while quenching. The defects were also produced because of machining, mainly due to grinding. These defects had to be marked and were cured if possible; further, they are sent for machine testing. For example, for checking the weight, the rotors and impellers were put on a balancing machine, and if excess material was present it was removed; otherwise, if there was less material than required, it was rejected.

Learnings:
Testing of product
Working under production authority
Targets fulfillment
Understanding the production department and process and how it affects the final product and targets of the company
Exposure to a specialized company (since there are only 3 in India) ...

Words: 266 - Pages: 2