Ethical Hackers And Ethical Hacking Information Technology Essay

Ethical Hackers And Ethical Hacking Information Technology Essay The Internet and the other information systems are acting a vital role in organizations today. More and more organizations have become depend on network services completely of partially. So, a single failure of the network can cause severe losses to the organization. However, due to this huge demand of Internet and network services, computer security and the serious threats of computer criminals have comes to the foreground. Computers around the world are systematically being victimized by hacking attacks every day. Most of the attacks are very organized attacks and the attackers are very well understood about the general system vulnerabilities. So if they found any of those vulnerabilities in a system, they might be able to steal everything they want from the system and completely ease their tracks within even in less than 20 minutes. That might be a huge loss for the company in term of money and reputation. Thus to avoid these kind of attacks companies should have to employ a mechanism to Identify vulnerabilities in networks, applications and systems before they can be exploited. Generally, this is the job of an ethical hacker. Ethical Hacking and Phases Ethical Hackers and Ethical Hacking An ethical hacker is a security professional who helps organization to take defensive measures against malicious attacks and usually the process he doing to find those vulnerable point is called Ethical Hacking. Sometimes this is also known as Penetration Testing or Intuition Testing. In this case, the ethical hackers are getting into the minds of computer criminals; think like them to find about innovative ways the hackers may use to get into the systems. Then organizations can take required actions to avoid those vulnerabilities. It has identified that the almost all computer systems have vulnerabilities that can be exploited by a hacker to come to do damages. This can be due to an unpatched application, a misconfigured router or a rough network device and it will be not able to detect unless penetrate the networks and assess the security posture for vulnerabilities and exposures regular basis. As the hacking is a felony in most of the countries, ethical hackers should only operate having required permission and knowledge of the organization that they are trying to defend. In some cases, to check the effectiveness of their security teams, an organization will not inform their teams of the ethical hackers activities. This situation is referred to as operating in a double blind environment. To perform productive penetration testing, the ethical hackers who are going to conduct the testing must have to have variety of in-depth computer skills. They should know how to look for the weaknesses and vulnerabilities in target systems and need to have the knowledge of the tools a malicious hackers use on system hacking. However, because not everyone can be an expert in all the required fields that an organization uses, such as UNIX, Windows, Linux, and Macintosh systems; usually ethical hacking is conducted by teams whose members skills complement each other. Generally, there are three types of ethical hacker classes. This classification is done based on the hacking purpose of the hacker. Black-Hat Hackers Are the individuals who has the necessary computing expertise to carry out harmful attacks on information systems. They generally use their extraordinary knowledge and skills for personal gains. The black-hat hackers are also known as crackers. Gray-Hat Hackers Are the individuals with a split personality. At times, this individual will not break the law and, in fact, might help to defend a network. At other times, the gray hat hacker reverts to black hat activities. Thus we cannot predict their behaviour. White-Hat Hackers Are the individuals who usually have exceptional computer skills and use their abilities to increase the security posture of information systems and defend them from malicious attacks. These individuals probably are an information security consultant or security analyst. Why Ethical Hacking is need to perform Although many people know hacking as a horrible thing, most of them not think that they would not be hacked. But this is not the real situation. Almost every computer system has security breach that the haceks could come in and for security purposes these vulnerabilities need to avoid. One of the most important reasons for ethical hacking is to find those security leaks in an organization network. To do this, companies can hire security experts who have great knowledge on cyber security and trained as ethical hackers. So they can use their knowledge to hack into the systems to find insecure areas. Then the company can take necessary actions to secure their networks easily. There are two kinds of security leaks that an ethical hacker can identify. Hacking in to systems to steel data If a company compromised with this sort of attack they will lose not only the information or money, they will lose their reputation as well. So that might be cause to lose their customers as they not feel their personal information and data are completely safe. Leaks allows to compromise to Viruses If the company network compromised into viruses, it will allow shutting down entire network in just minutes. More than that, some viruses are able to perform harmful activities like data deletions. So the company may lost important data. Thus to improve overall security posture and avoid intellectual property thefts, regular ethical hacking practise is very critical in an IT company. More importantly, that will help save company money in millions and will build the reputation as well. Also as this system penetration is performing, thinking with a mindset of a hacker who tries to get in to the system, the companies can completely rely on professional ethical hackers reports to adjust the company security posture. Framework of Ethical Hacking In order to complete ethical hacking processes successfully, ethical hacking professionals have introduced several phases to follow up. In the there, they have break down the complete process in to several phases and generally both malicious and genuine users following that methodology. Following diagram illustrates those steps and it has described in detailed below. Anatomy of hacking Source: http://www.twincling.org/twincling/slides/ethicalhacking.pdf Reconnaissance This is the first step of any hacking attempt and generally the attacker tries to gather enough information as much a possible about the target system. This process also knows as foot-printing. In may gather information on areas such as determining the network range, identifying active machine, finding open ports, detecting operating systems. There are two ways reconnaissance is performing. Active reconnaissance: Is the process of live exploration of the system to find about the information such as running operating systems and services, open ports, routers and hosts. Passive reconnaissance: This involves monitoring and finding information or clues on the network using network sniffers or other mechanisms. The information can be domain names, locations, contact numbers etc. Sometimes this involves mechanisms such as searching through organizations or persons discarded materials. Following are some of clever ways or the tool, that reconnaissance can be perform against a target network. Using Google This is the most common and efficient way of finding information about a company. As the Google is the most common search engine using in the Internet, Google can be use to find publicly available information about target system. Sometimes, even though the company has removed the data from their web sites Google will be able to provide information from its caches. Thus Google can be use to begin the reconnaissance process. DNS Information tools The next best way to get information about a company is their domain name. If you know the domain of a company rest of the information such as their IP address, contact information and locations can be find easy using DNS tools. For this purpose, most common command line tools are whois and dig and they will show above DNS information in text. But the web sites like www.dnsstuff.com, www.samspade.org, www.geektools.com and www.easywhois.com will provide same information in more user friendly way. Those tools have various options and can provide information quarrying by the IP address or domain name. Also the command nslookup will map the domain name to the IP address or vice-versa. Arin Arin is a very well known web based tool to find network ranges which a company holding. Just entering a single IP address of the range ARIN can give the whole network range the company owns. Social Engineering After knowing the basic information about a company, the best way to get know more information about the company is performing social engineering. In here, hackers trick people into revel information by themselves. The common way is calling or meeting employees and tricks them to get more information. Scanning This is the second phase of hacking framework and involves acquiring more detailed information based on the data collected in early phase. This is very similar to the active reconnaissance and in this phase it tries to dig into little deep. Generally this phase includes activities such as indentifying live hosts, discovering running services and their ports, detecting the running OS. Main target in this phase is to build the blue print of the target network including the live host IP addresses, opened service ports. The hackers use various scanners in this case and few of their techniques listed below. Ping To identify the active hosts in a networks Ping is the best tool. It can provide the information such as status of the host, host name and their TTL details. It is a very simple utility uses ICMP packets to scanning. Ping send ICMP packets to a target host and if it receives the acknowledgment we can make out the system is active. There are few handy tools that can be used to automate this ping process to check the availability of range of IP address. Few examples of them are Hping, icmpenum, NetScan Tools. Traceroute Traceroute is a tool that can use to mapping the location of a targeted host. It uses same technology as Ping and shows the exact path to the target host. NMap NMap is the most popular port scanning tool and it is a free and open source utility. Both malicious and genuine users use to identify vulnerabilities on computer systems. It has many options and it is able to perform almost every type of scan like connect scan, half open scans, SYN scan etc on a targeted host. Also it is a very useful tool for task such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMap can scan host in a network range straight away and it is able to detect the versions of the operating system that running on the targeted system too. WAR Dialling This is a tool widely used earlier time to detect active modems in the networks. This was a common hacking tool as there were many deal-in modems available in the network to enable their employees to login into the network. The program can automatically dials a defined range of phone numbers and logs the success full attempts in to its database. But as the modem technology is getting obsolete very fast this is not using very much. Banner grabbing Another useful technique to find about running service ports is called banner grabbing. In this case the hackers tries to connect to well know port such as 80, 8080, 25, 110, 23, 22 etc using telnet. So if the trying service is running on the target server it will display the service banner including the type of the software and running version. Thus the hackers can grab that information to their building blue-print. Enumeration (OS / Application Attacks) This is the hacking technique of convincing some target servers to provide them some information about the system which are vital to precede the attack. The information the attackers normally target are resources and shares available in the system, valid users and user groups and about running applications etc. The common way of enumeration is by use of the null sessions, the sessions which usually have no username or password. Once the hacker gets into the system the he starts enumeration by using some tools to find out the data he wants. There are several tools available that uses to do these queries. NBTscan and Netbios Auditing tools are few commonly using tools. Hackers also enumerate the systems using the SNMP protocol too. Enumerating the SNMP protocol hackers can get the information they want easily. This is an easy way than using null session. But as SNMP v3 sends data after encrypting it, that data need to be decrypt before use it. SNMPutils, IP Network Browser, SNMP Informant, Getif are some of tool use for SNMP enumeration. Gaining Access As all above phases are only hacking preparation phases, this is the phase the actual attack is executing. The hacker will use the blue-print he created during previous phases. During this phase the attacker tries to launch attacks targeting the applications, operating system and the network. To do that, hackers may launches DoS attack, buffer flow attacks, application attacks and even they may insert viruses and Trojan horses to get access to the network. Another goal of the hackers is to gain the highest level privileges he can get. If so, he will able to delete all the tracks and evidence of his activities without any issue. Also if the NetBIOS TCP 139 port is open and accessible the easistt way to login to the system is guessing the password. Thus the first attempt of the attacker will be guessing the system passwords to enter with the highest level of privileges to the system. Most of the times, this step will be an easy task, because most of the users keep their password to an easy-to-remember one. Also if any information available about the user like family members names, childrens name, birthday, there is a great potential to be the password one of them. Also there are lists of commonly using password and the hackers can try those passwords to login to the system. If they were unable to guess the password, the next step is to crack the password using an automated tool. There are several strategies used by the hackers to crack passwords. Social Engineering The easiest and the common method to crack password and the hacker calls or meet the user get the password from him tricking by some fraud. Dictionary cracking In here the cracking is performing using some collected words related to the user and list of commonly using password. The list is checking one by one and usually this is an automated process doing by a tool such as Legion. Brute force cracking This is an automated password cracking mechanism and this will just use combination different characters, letter and symbols to guess the password instead of dictionary words. Hybrid cracking This is a mixed mechanism of both dictionary and hybrid password guessing mechanisms. It will first try the dictionary passwords and then tries the letter combinations. Some automated password-guessing tools are Legion and NetBIOS Auditing Tool. However, the tools like L0phtCrack,ScoopLM, KerbCrack will allows the system administrators to audit there users password and let them know if anyone using such password which can be compromised to a password cracking tool. Other than above mentioned password cracking methods, hackers use keystroke loggers to intercept the uses key strokes to find their passwords. Those keystroke loggers are able to save into files or send all the user key stokes to a remote destination. There are two types of keystroke loggers. It can be either software based or hardware based. The hardware keystroke loggers must physically be installed into the system and the software keystroke loggers can be a action of a Trojan-horse. Few examples for keystroke loggers are ISpyNow , PC Activity Monitor , Remote Spy and following figure shows an example of a hardware keystroke logger. If the hackers could not able to track down the user password the hacker will try to get access to the systems using network attacks. There are several methods hackers will use to attack the networks. Following listed are few of them. Sniffing Attacks Sniffing id the process of capturing data from a network as they pass and storeing them to process offline. To this process hackers use various sniffing tools with different capabilities. Some sniffers can only work with TCP/IP while more sophisticated sniffers works with many other protocols including data link layer protocols. Also sniffing attacks can be use to grab user logins and passwords too. As the telnet, http, POP, SMB sends password data in plain text and travel around the network using sniffing attack they can be easily grabbed out. Sniffing can be either active or passive. Passive sniffing is performing at Hub networks and the speciality in there is that the all the machines in the networks sees all the traffic of the other machines. So the hackers can capture almost every data packet travels through the network. As the hub networks are not in real environments passive sniffing is very unlikely to happen. Active sniffing is takes place in switch networks and thus the hackers will not able to see other users traffics except the broadcast data. Thus the only possible attack is the man-in-the-middle attacks. In here an attacker is positioned in the middle of communications between two legitimate entities in order to capture data that passes between the two parties. As mentioned earlier, there are several sniffing tools available with different capabilities. The most popular sniffing tool is the Wireshark and it was formally known as Ethereal. It is a free network protocol analyzer and supports for both Windows and Linux operating systems. It is a very sophisticated tool and it is capable of capture traffic on the network and save it on disk, filter traffic according to the requirement and showing summery and detailed information for each packet. Few of other sniffing tools are Packetyzer, Dsniff, TCPDump, and Snort. Dos Attacks A DoS attack is a network attack that results in some sort of interruption of service to users, devices, or applications. Hackers use several mechanisms to generate a DoS attack. The simplest method is to generate large amounts data appearing as a valid network traffic. This type of network DoS attack saturates the network so that valid user traffic cannot get through. A DoS attack takes advantage of the fact that target systems such as servers must maintain state information. Applications may rely on expected buffer sizes and specific content of network packets. A DoS attack can exploit this by sending packet sizes or data values that are not expected by the receiving application. These attacks attempt to compromise the availability of a network, host, or application. They are considered a major risk because they can easily interrupt a business process and cause significant loss. These attacks are relatively simple to conduct, even by unskilled hackers. Maintaining Access By entering to this step the hacker has to be getting in to the system by any mean and this phase it is focus on to the established session maintaining. Thus the hacker is able to perform any file upload/download or any software tool inserting. In this stage hackers are trying to establish a hidden path to enter to the system next time easily. So to do that, they will insert some malicious software like Trojan-horses, sniffers keystroke loggers etc. Trojan-horses are malwares that carries out malicious operations under the appearance of a desired function. A virus or worm could carry a Trojan-horse. A Trojan-horse contains hidden, malicious code that exploits the privileges of the user that runs it. Games can often have a Trojan-horse attached to them. When running the game, the game works, but in the background, the Trojan-horse has been installed on the users system and continues running after the game has been closed. The Trojan-horse concept is flexible. It can cause immediate damage, provide a back door to a system, or perform actions, such as password capturing, keystroke capturing, executing DoS attacks. Some advance hackers writes custom Trojan-horses according to the requirement and those are very hard to detect. There are many examples of Trojan-horses like Tini, netcat, subseven, backoffice etc. Clearing Tracks This is the final step of the hacking framework and in here the hackers delete all the evidence and track of their access. Generally, in any operating system it keeps a record about the user logins, file deletes, file inserting, installing etc. So once hacker loges into a system his attempts and actions are logged in to operating system log files. So the hackers have to delete these logs. Although this is a very hard task to perform in reality, there are some tools do alternative actions such as disabling the operating system auditing, deleting all the log records, delete temporary log files etc. So executing tools like that they can delete their tracks, usually with all the other log files. There for system administrator may know that system has been compromised. The software tool auditpol.exe is a such tool that able to disable OS logging. Also attackers need to hide the files they uploaded in to the systems and to do this there are few techniques available call wrappers. These wrapper tools are able to hide the uploaded data as picture file. Design an Evidence Gathering Prototype Importance of a Evidence Gathering Prototype As shown above, the possibilities and opportunities are limitless a company can be targeted by a malicious attack. Although implementing correct firewall and security policies can minimize the exposure of many systems to the hackers, it is very unrealistic to completely avoid security breaches in a comport system. Therefore, it is very important to detect intrusion activities and limit as much as possible the damage they can produce. Installing well planed and configured Evidence Gathering Prototype with intrusion detection and honeypot capabilities will do that. In generally, intruder detection systems are able to record all the system activities on a given host or a network. Thus if the monitoring system is compromised or targeted to attack, all the useful information to track the attacker, are recording in the IDS system. Sometimes they can alert the system administrators about the attacks as well. One of another feature of such kind of system is that they are able recognize violations of an organisations security and acceptable use policies such as transfers of inappropriate material throughout the companys network, or downloads of authorizes data files, accessing restricted contents, use of unauthorized application, etc. Also, some systems are able to identify reconnaissance activities which may followed by hacking attacks. As these systems are able to keep log on every said incidence, the systems administrators can use those data in there ethical hacking exercises. Furthermore, they can get idea about the techniques attackers use, attack launching periods, times and frequencies, common types of attacks they get and about the locations of the attackers and etc. One of the side advantage can have installing a IDS system is that the deterring of hacking attempts, because being aware that their activities are being monitored the hacker might be less prone launch attacks. Thus installing a system in purpose of evidence gathering is very crucial and rest of this document will focus on designing a better prototype for that purpose. For example, a hacker can identify whether an IDS is present in the system if present that attacker may first attack the IDS to bring it offline. Architecture of the prototype The general idea of this prototype is to provide new defence mechanism to networks from huge varieties of behavioural network attacks. Especially rootkit attacks, buffer overflows, DOS / DDOS attacks, SQL injections and many other types of hacking in to a network. Keeping records of malicious behaviours and providing tracking down the intruders, this system will be a whole new protection concept for current networking intrusion threats. Techniques like Intrusion Prevention Systems, Honeypot and network Sniffers can be used as first line of defence to fights again unauthorized access to networks and network resources. But it is hard to use each of them separately in a network to prevent malicious attacks. So a good system should use all those techniques in a single system. Also only one technique will not suit either, as they may have some tribulations on it. Thus, the designing prototype uses all the techniques mentioned above. It will work as a choke point between the WAN and LAN so all the network traffic should flow through it and the traffic will inspect from there. About architecture, the prototype is consisting of three Intrusion Detection Systems, Honeypot and a monitoring console. Three IDSs will be Signature based, Anomaly based and Stateful-protocol analysis IDSs. All the incoming network traffic will be inspected by these IDSs before enter in to the LAN. If IDSs are detected any suspicious behaviours, they will send an alarm message to the Honeypot. Then the malicious traffic will start to circulate among the IDSs without the intruders knowledge. Therefore an intruder will not be able to perform continuous actions because the IP addresses of the traffic are keeping changing. The Honeypot monitor all the network traffic which will be forwarded by the IDSs and keep records of all behaviours. Allowing or denying the network traff ic to enter in to the LAN will be decided by monitoring the behaviour of the incoming traffic to the Honeypot. A separate monitoring console is connected to the Honeypot which also has an online monitoring and log making system so that the sources of any malicious traffic can be identified. Following figure show the overview of the system. Major components Signature based IDSs has a predefined database of attack signatures. It compares all the network packets against the attack signatures in the database. Anomaly based IDSs compares the network traffic against a profile build by previous trainings of network traffic behaviours and continually sampling all activities occurring within the system. Therefore it can react to new zero-day attacks. Stateful-protocol analysis IDs relies on vendor-developed universal profiles that specify how particular protocols should and should not be used, on decision taking. Core of the system is the Honeypot which will monitor all the network traffic flow through it. Monitoring console with a real time log making and tracking system implemented on it. This console provides a real time monitoring and online tracking system to track down and locate the intruders source. Network traffic database will store all the information about the traffic flow the Honeypot encountered, signature database and IP addresses of all the malicious / suspicious traffic flows. Capabilities of the prototype Signature based Intrusion Detection System Knowledge is accumulated by the IDS vendors about specific attacks and how they are carried out. Models of how the attacks are carried out are developed and called signatures. Each identified attack has a signature, which is used to detect an attack in progress or determine if one has occurred within the network. Any action that is not recognized as an attack is considered acceptable. Anomaly based Intrusion Detection System These are behavior based products that do not contain databases of attack signatures. They first go through a learning mode to build a profile of normal behaviour of a system or a network by continually sampling all activities occurring within the system. These IDSs will be configured to detect the Zero-day attacks which means configured to detect new and unknown threats. All anomaly based IDSs will be trained by using accepted penetration tools such as GFILanguard, Nesses, Nmap, Retina, NetCat and Enstealth. After the profile built all the activities are compared against it. If anything which does not match the profile occurs an alarm is triggered and packets will be tagged. Stateful-protocol analysis Intrusion Detection System This is little similar to anomaly-based detection technique. But it relies on profiles that provided by the device vendors. Those profiles enable IDPS to understand and track the state of network, transport and application protocols that have a notion of state. It can thus identify unexpected sequences of commands, such as issuing the same command repeatedly or issuing a command without first issuing another command upon which it is dependent. Honeypot Honeypot is an essentially decoy network-accessible resource, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the Honeypot. All traffic entering and leaving the Honeypot is logged. Honeypot can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to break into a system. Monitoring Console This machine is to examine the intrusion methods / traffic flow used by the intruder. This analyze will be done synchronizing with the Honeypot. Those details will be used to create complete reports about the encounters. The tracking system which is installed on the console will provide a complete track of the intruder. Other Features The prototype can analyze the behaviours of the incoming traffic since all the traffic should go through the system. Any intrusions which will match to the signatures, the Signature Based IDSs will alarm immediately to the Honeypot. By recording and tracking the traffic pattern, a decision can be taken whether to drop the identified traffic or track back the source of the intruder. The detected or suspicious traffic will be redirected to the Honeypot as the final action. Make use of the online tracking and log making system, the prototype can record all the behaviours in real time and provide a tracking system to catch the intruders. Commercially available Intrusion Detection Systems Snort Snort is a free and open-source network-based IDS system and it is the most commonly using intrusion detection system. It is a software-based NIDPS and able to perform both protocol analysing and content searching. Snort has intrusion prevent capabilities as well. So it is use to both actively block and passively detect a variety of attacks and probes. It uses signature, protocol and anomaly-based inspection to intruder detection. CISCO Secure IDS This

Transport of Karachi

Karachi is the economic and financial hub of Pakistan generating approximately 53. 38% of the total national revenues. Approximately 75% of the population falls in category of poor or low income groups while the rest constitute middle or high income groups. Urban transportation system of Karachi has no mass transit system and people rely mainly on bus services. The people on average take 13. 5 million mechanized trips per day, of which 52% is made by public transport. Urban Bus Scheme and Karachi Circular Railway are major project deemed to relieve the congestions on the roads of the city. Only Urban Bus Scheme, however, has yet shown considerable activity on part of public transport planning and implementation. This system lacks inter-modal integration and sustainability due to which this system has failed to cater to the growing commutation demands of masses. This research study aims to investigate the demand and supply gap of the sector in light of institutional capacity to develop and maintain. Also, this study attempts to compare public transportation system of Karachi with comparable metropolis like Mumbai, Delhi and Beijing. In last, the study attempts to explore socio-economic reasons behind delay of Karachi Circular Railway. The study has adopted descriptive and thematic analysis approach to achieve the objectives. All the analysis, hereon, are done on secondary data gathered for the purpose. This study concludes that an integrated, multi-modal and sustainable public transportation system can only be achieved by giving a holistic approach to planning, execution and capacity building of the sector. 1. 1Population Overview During the last 50 years, Pakistan’s population has increased from 33 million to 152. 3 million in FY 2005, thus, making Pakistan the s1- LITERATURE REVIEWeventh most populous country in the world (Karachi Mega Cities Preparation Project, 2005). According to the 1998 Census Report, Karachi had a population of 9. 2 million in 1998 compared with 5. 2 million in 1981, a growth rate of 4. 5% per annum. In 1998 the National population was 130. 5 million, and that of the Sindh province 30. 4 million. Growth rates since 1981 were 2. 61% and 2. 80% respectively, indicating rapid urbanization in Karachi, which was also much higher than the national average growth for urban areas of 3. 5% and also for that of Sindh at 3. 52%. On this basis population in 2015 for Karachi would reach 20. 7 million and 26. 4 million in 2020. (Karachi Mega Cities Preparation Project, page 4, 2005) Karachi, the capital of Sindh is the commercial hub and the gateway of Pakistan. It generates approximately 53. 38% of the total collections of the Federal Board of Revenue (FBR Report, 06-07). The city handles 95% of Pakistan’s foreign trade; contributes 30% to Pakistan’s manufacturing sector; and almost 90% of the head offices of the banks, finan cial institutions and multinational companies operate in Karachi. The country’s largest stock exchange is Karachi-based, making it the financial and commercial center of the country. It also comprises about 40% of the total banking and insurance sector of the country. Karachi contributes 20% of GDP, adds 45% of the national value added, retains 40% of the total national employment in large scale manufacturing, holds 50% of bank deposits and contributes 25% of national revenues and 40% of provincial revenues. Karachi Mega Cities Preparation Project, page 3, 2005) The CDG (City District Government) of Karachi is divided into 18 zones or towns. These towns are governed by the town municipal administration. Each town administration is responsible for infrastructure and spatial planning, development facilitation, and municipal services (water, sanitation, solid waste, repairing roads, parks, street lights, and traffic engineering) in a town, except those functions which are retained within the CDG. Intra-city transport now falls under the Local Government. Karachi Mass Transit Cell, City District Government, 2006). Apart from in-migrants from Pakistan’s provinces, a large number of migrants from Afghanistan, Bangladesh and other South Asian countries have settled in the city. With an average monthly household income of Rs. 15000, there is considerable variation in income distribution. Roughly 75 percent of the households fall in the category of poor and low income groups, and 25 percent constitute the middle and high income groups (Karachi Strategic Plan 2020, 2007). It is no longer possible to overlook the urban decay in Pakistan. Streets are littered with waste, drains are overflowing with sewage, low-lying communities are inundated after rainfall, traffic congestion is ubiquitous, and the violent crime in urban centers is on the rise. The State either has divested from, or is no longer able to offer, reliable mass transit, good quality and affordable primary education, and healthcare. This has given the opportunity to the private sector to take up ome of these roles (Vision 2030, 2006) 1. 2Transportation – Facts And Figures The population of Karachi City District relies almost entirely on the road network for urban transportation. There is currently no mass transit system per se, although many commute using the network of bus routes. There are nearly 13. 5 million mechanized trips made each day within the CDGK area, of which 52 percent are made by public and 48 percent by private transport. There are 1. million registered vehicles in Karachi (almost 50 percent of the national total) and private vehicles – mainly motorcycles and cars – now constitute 83 percent of total registered vehicles while buses and min-buses constitute only 1. 5 percent (Karachi Mega Cities Preparation Project, page 14, 2005). In 2002 the total registered vehicles and cars were growing at twice the growth rate of the population while the vehicle fleet is dominated by cars and motorcycles, which account for 92% of the vehicles as compared to 6% for para-transit vehicles and 2% for public transport vehicles. The buses/minibuses are the most important mode of public transport in Karachi and better transport management strategies, service, accessibility, and affordability can help reduce the use of private vehicles (Urban Transport and Sustainable Transport Strategies, 2007). The intra-city road network has a radial pattern, consisting of a series of arterials, a few circumferential roads with inconsistent links and a disproportionately large number of local and collector roads. In terms of connectivity, the network is deficient in secondary roads that provide feeder service to major thoroughfares. The weakness has basically arisen from the piece-meal development focused on residential schemes in the past (Karachi Strategic Plan 2020, 2007). The availability of public transport has not grown at the same rate as the population in Pakistani cities (Sohail et al. 2006). With growth rates for private vehicles at over 9 percent, there are now over 280 new vehicles added to the streets of Karachi each day (Karachi Mega Cities Preparation Project, page 14, 2005).

Mrs. Alving From Henrik Ibsens Ghosts

Henrik Ibsens play Ghosts is a three-act drama about a widowed mother and her prodigal son, who has returned to his dreary Norwegian home. The play was written in 1881, and the characters and setting reflect this era. The Basics The play focuses on the unraveling of family secrets. Specifically, Mrs. Alving has been hiding the truth about her late husbands corrupt character. When he was alive, Captain Alving enjoyed a benevolent reputation. But in reality, he was a drunkard and an adulterer—facts that Mrs. Alving kept hidden from the community as well as her adult son, Oswald. A Dutiful Mother Above all things, Mrs. Helene Alving wants happiness for her son. Whether or not she has been a good mother depends upon the readers point of view. Here are some of her life events before the play begins: Tired of the Captains drunkenness, Mrs. Alving temporarily left her husband.She hoped to be romantically embraced by the towns local priest, Pastor Manders.Pastor Manders did not reciprocate her feelings; he sends Mrs. Alving back to her husband.When Oswald was young, Mrs. Alving sent her son to boarding school, shielding him from the true nature of his father. In addition to the above events, it can also be said that Mrs. Alving spoils Oswald. She praises his artistic talent, gives in to his desire for alcohol, and sides with her sons bohemian ideologies. During the plays last scene, Oswald (in a state of delirium brought on by his illness) asks his mother for the sun, a childhood request which Mrs. Alving had somehow hoped to fulfill (by bringing happiness and sunshine into his world instead of despair). In the final moments of the play, Oswald is in a vegetative state. Although he has asked his mother to deliver a fatal dose of morphine pills, it is uncertain whether Mrs. Alving will adhere to her promise. The curtain falls while she is paralyzed with fear, grief, and indecision. Mrs. Alvings Beliefs Like Oswald, she believes that many of societys church-driven expectations are counterproductive to achieving happiness. For example, when she discovers that her son has a romantic interest in his half-sister, Regina, Mrs. Alving wishes she had the courage to allow the relationship. And lets not forget, in her younger days, desired to have an affair with a member of the clergy. Many of her tendencies are highly unorthodox—even by todays standards. It is important to note, however, that Mrs. Alving did not follow through on either impulse. In Act Three, she tells her son the truth about Regina—thus preventing a potentially incestuous relationship. Her awkward friendship with Pastor Manders reveals that Mrs. Alving not only accepted his rejection; she also does her best to live up to societys expectations by continuing the facade that her feelings are purely platonic. When she tells the pastor: I should like to kiss you, this could be seen as a harmless quip or (perhaps more likely) a sign that her passionate feelings still smolder beneath her proper exterior.

Is Development A Continuous Process - 1138 Words

Introduction Development is a continuous process, that is to say, that a time evolutionary precedes the other and this in turn sits on the happened before. Therefore, it is so important to educate on the principle of totality, because the development of the child is global. The movements of the newborn child in the cradle are global, impulsive and undifferentiated, in a short time gain control and coordination along the stage of lactation (Calkins, 2015). The first year of life is crucial, in that it lays down the basis of behavior and of the skills that will be the person in his adult life. While the pace of growth and development is specific to each child, there is an order that allows you to evaluate it. There are stages that are occurring in orderly succession, although with some temporal variation (Bornstein, Arterberry Lamb, 2014). The child will experience major changes in all areas of their development: motor, language, intelligence, emotional. In the stage of 0 to 3 years of life, children develop skills, habits and programming of varied manner. There are different ways of learning: through experience with objects, with situations, learning by imitation, etc. It is important to understand each stage in the development of the child, their needs to be able to establish a programming session of early stimulation (Feldman, 2006). Currently, early stimulation, applied activities systematized and sequential, since the first years of life, very closely linked to theShow MoreRelatedChild Development : A Continuous Process Essay973 Words   |  4 PagesIntroduction Child development is a continuous process where the physical, emotional and mental aspects of advance to complex form enhancing its brain, behavioral and body abilities (Montessori Center International, 2013, p. 4). Specifically, aspects of a child’s development are; physical that involves development of skills; intellectual deals with memory and ability to solve problems. Language development involves enhancing ability to communicate with others; emotional development is the expressionRead MoreMedical Education : An Ongoing Process With Continuous Professional Development1654 Words   |  7 Pagesarising from traditional academic disciplines. Wisdom is said not to be a product of schooling but rather of a lifelong attempt to acquire it. Therefore, medical education in the rapidly changing healthcare system is an ongoing process, with continuous professional development. At a given point in a nurse s live, one has to come face to face with some of challenges that more oft en help in shaping the way one perceives medicine, thus enhancing our literacy to illnesses, wellness, as well as medicineRead MoreSoftware Houses Use Agile Development1431 Words   |  6 Pagessoftware houses use agile development methodologies such as XP and scrum to enhance its product quality, increase communication between teams, release products in short time and to participate its clients in software development life cycle. There are many problems usually occur, first problem the time spent between development of the software and to make it operational. Second problem is the difference between environments. There are two different environments; development environment is the firstRead MoreAn Organization Intervention For The Naval Station Weapons Center, Crane Division ( Nswc Crane ) Platform And Launch1153 Words   |  5 Pagesdesigning an organizational development intervention for a business, managers must first identify the requirements that are being placed on the orga nization. This is a vital step since management must ensure that any process that may be developed adheres to higher echelon requirements. Additionally, it is helpful to identify resources both within and outside the organization that will help guide the change. The purpose of this paper is to define resources for the development of an organization interventionRead MoreBest Practices in Continuous Process Flow704 Words   |  3 PagesBest Practices in Continuous Process Flow Introduction Pursuing continual process performance improvement by through the use of a wide variety of lean techniques leads to an enterprise being more responsive to its customers while at the same time drastically reducing the costs to operate. No longer can organizations hope to stay competitive over the long-term by continually embracing the more statically-based, less flexible means of process flow that they have relied on in the past. FundamentalRead MoreOverview of Progressive Learning1339 Words   |  5 PagesRunning Head: Progressive Learning Progressive Learning Progressive Learning Continuous learning is what individuals incorporate in their daily activities to learn with the experiences they acquire from their daily work. Everything is changing around us with the change in technology, change in people, equipment and procedures. With this, individuals need to understand the concept of continuous learning and apply it into their lives to enhance their skills. Everything that is associated with theRead MoreSoftware Development Life Cycle Throughout The Project1631 Words   |  7 PagesIntroduction: Agile is a methodology that which enables the continuous iteration of development and testing in the software development life cycle throughout the project. Iteration is defined as a basic or initial part of the software to release. Agile Testing process starts at the beginning of the project with high integration between development and testing teams. In agile testing, the testers will simultaneously work with the development team and testing is done in parallel at the each phase ofRead MoreRelationship Between Accounting Technique And Operation Management Tools925 Words   |  4 Pagestechnique, target costing also should be identified as the integrated strategic profit operation system which is applied with other management techniques. In order to explore the overall effect, a test using value engineering(VE) and quality function development(QFD) analysis was conducted in the small manufactory company. With the help of these approaches, the company achieve cost reduction with no sacrifice neither on quality or functionality. By this way, this journal demonstrates that the relationshipRead MoreThe Discontinuous View Of Development Essay834 Words   |  4 PagesThe discontinuous view of development is that child development is in certain stages. The children have different ways of â€Å"thinking, feeling, and behaving,†(Berk) than adults. Our book describes it as â€Å"a process in which new ways of understanding and responding to the world emerge at specific times.†(Berk pg. 6) I interpret the specific times as stages. Piaget believed in the discontinuous view of development. He developed the four stages of cognitive development. Those stages are sensorimotor, pre-operationalRead MoreManagement Of Incremental Software Development Across Cross Functional Teams1158 Words   |  5 Pagessoftware development across cross functional teams. Learned from years of successes and failures, the agile philosophy centers on software development with an importance with self-organization, motivation, in addition to daily team interaction. It means being able to present working software instead of slides and documentation. Agile encourages customer collaboration throughout the entire process to allow developers to respond to change in a timely manner. The agile development process can be implemented