What can Nigeria learn from the previous mistakes in electricity Research Paper

What can Nigeria learn from the previous mistakes in electricity liberalisation - Research Paper Example The industrial policy decisions and public finances, the physical characteristics of supply, the magnitude of capital requirement and size of industry, and the complex and close relationships between the industry and other significant economic elements all combine to impose challenges to the liberalization process. During electricity industry the liberalization in Brazil, Argentina, and Peru, various mistakes occurred, though these industries are the road to set successful models. Currently, Nigeria is liberalizing her energy industry, and may draw upon the earlier flaws of these models to fortify the sector. This paper seeks to present a discussion on the fundamental mistakes and discuss the way forward for Nigeria. Privatization is a term that evokes sharp political reactions. The concept covers a great range of policies and ideas, varying from reasonableness to impractical. Despite the variation and the somewhat unclear meaning, privatization has unequivocal political objectives and origins. Proposals for privatization not only return the service to the original private sphere but also seek to create new types of market relations and assure results superior or comparable public programs. In essence, privatization refers to the transfer of government assets or services to the private sector. The state may sell some of its assets to private investors, or alternatively lift statutory restrictions on competition between publicly and privately owned enterprises. Furthermore, by the state may be contract out services that it initially provided. The primary objective of privatization is to increase government efficiency1. Nonetheless, implementation of this concept may result in either negative or po sitive effects on government’s revenue. Essentially, privatization is the opposite of nationalization. Reasons for Privatization In general, privatization of the electricity industry in Nigeria was a result of the desire to increase efficiency and competitiveness, as well as the belief that the market place powers can achieve this more efficiently and effectively than state control. Nonetheless, given the previous history of government participation in services and goods production in Nigeria, and the prevalent history of crisis in these public enterprises, the process of privatization in Nigeria has various expected objectives. First, privatization is a way to inject market discipline to the board members, as the board must reflect the interests of shareholders, primarily the private sector investors whose interest lie with profit maximization. Second, the process results

The role that agents of socialization play in shaping an individuals Essay

The role that agents of socialization play in shaping an individuals political culture - Essay Example In fact, journalism has the capability to challenge the political arrogance displays and acts as a potential channel to display the voices of political situations in a particular region. The news media conveys messages, meanings and symbols to the wider society and political news can actually affect the image of a politician or a political party in general (Schudson, 2002). Education system also has a role in forming the political culture of an individual. People learn through the various books, theories and history the political culture and heritage enjoyed in the country. Also civics and law gives a lot of insight about the political structures and systems prevalent and the constitutional rights enjoyed by a particular nation thereby helping an individual to form an opinion (Zechenter, 1997). Other than these, religion and the workplace of an individual are important components shaping the political culture of an individual. Religion is especially a dominant force in forming political culture. Also the workplace of an individual helps him to get information and form opinions about political culture. If the individual meets people from different regions coming from varied cultures, values, beliefs and religions then he may have more knowledge about the cultures and opinions of other individuals. However, according to me the education systems and the media portrayal of the issues taking place have helped in forming a political culture. The history and civics subject helps us to know more about the political systems in the country and the media including newspaper, television and radio have helped in forming my personal opinion about the political culture. Another important factor which helped to shape my political culture is my parents, peers and relatives. Discussions and debates help in knowing more information thereby helping in forming an opinion about the political culture. To conclude, a culmination of

Marketing Plan For Lipton Ice Tea

Marketing Plan For Lipton Ice Tea In 2005, the tea industry reached the $1.7 billion category and it is expected to continue growing indefinitely (Mintel 2005). Market analysts believe the tea industry will continue to boom and is not expected to reach saturation level in the near future. The favorable movement in the tea industry can be attributed to two major factors: a) consumers need for convenience and time-saving services; and b) the positive press given to tea. American lifestyle and work habits have made convenience a necessity. As employers demand for productivity from their employees, consumers are more pressed for time. In addition, the shaky economy has made Americans fear for their jobs; thus, any product that can fill the consumers need for convenience and speed are almost automatically embraced into the American lifestyle (Mintel 2005). For the last decade, the health benefits of tea have gained wide coverage in the media. Studies continue to show the beneficial properties of teas, with health benefits ranging from lower cholesterol levels to improve arterial health and decreasing chance of cancer. This positive press has definitely catapulted the demand for tea (Mintel 2005). Both the need for convenience and positive press on tea have spurred an increase in sales of tea products, specifically ready-to-drink (RTD) teas sold in single-serve containers (Mintel 2005). Recognizing this trend, various companies in the tea industry have come up with innovative products to take advantage of the booming market for ready-to-drink teas. Lipton tea, one of the global leaders in refreshment brands, launched new products to meet the growing the need for ready-to drink teas and introduced innovative product line to capture the health- conscious market. For over a century, Lipton has been dominating the world tea market with the companys tea-based drinks including leaf tea, infusions and ready-to-drink tea. Its success has been attributed to the firms â€Å"strong focus on innovation and the expertise of its tea specialists- professionals in tea-growing, tasting, buying, blending and RD teams† (Wikipedia 2007). One of the main driving forces for Liptons success is the companys source of tea. Lipton teas are sourced from various plantations in well-know tea-producing countries such as India, Indonesia, Kenya and Sri Lanka. It maintains specialized tasting rooms in seven regional located across the globe. Presently, Lipton has about 30 different tea blends (Wikipedia 2007). As Lipton is a part of the Unilever global consortium, the company ensures that its tea producing farms do not only yield high-quality product but also protect and improve the natural environment and livelihood of workers and local communities. Liptons plantations in East Africa have been working with third party estates to ensure compliance with Unilevers sustainable agriculture guidelines and the Ethical Tea Partnership criteria (Wikipedia 2007). As part of Lipton teas drive to capture the booming market for ready-to-drink teas, the Anglo-Dutch Unilever Company entered into a joint agreement with American PepsiCo in 2003. Through the joint venture agreement, PepsiCo distributes or markets Lipton tea products, specifically Lipton Ice Tea in more than 60 countries where PepsiCo has established its corporate presence (Wikipedia 2007). â€Å"The 50-50 JV Pepsi Lipton International is the latest move in Unilevers Path to Growth strategy which has mostly involved the disposal of non-core businesses rather than support for existing brands† (â€Å"Unilever-PepsiCo† 2003). In a press statement, Unilever announced that the joint agreement with PepsiCo has two main goals: to move the Lipton brand into new distribution channels and into new markets. While Unilever claims that Lipton is the leader in the 16-billion liter world market for ready-to- drink tea, its presence remains slim in a number of key markets; thus, the agreement with PepsiCo is expected to address such concern (â€Å"Unilever-PepsiCo† 2003). Unilever stated that â€Å"the [50-50 JV Pepsi Lipton International] will target the ‘white space markets where Lipton has no current presence and it is anticipated that significant business opportunities will come from the key high-potential markets where Pepsi is already strong† (â€Å"Unilever-PepsiCo† 2003). PepsiCo is expected to build the sales of the Lipton ice tea in 60 countries including Brazil, Spain, Greece, Poland, Czech Republic, Slovakia, Hungary, Albania, Romania, Thailand, Singapore, Vietnam, Australia, Turkey, Egypt, Saudi and the six Gulf States. The Pepsi Lipton International venture is a logical expansion of an earlier collaboration between the two companies. The Pepsi Lipton Tea Partnership was set up by the two companies some 10 years ago to expand sales in the North American market, and is now firmly established as the leading RTD tea player in both the United States and Canada. With the aim of achieving a similar level of market dominance in the rest of the world, the latest joint venture will aim to leverage the strengths of both parents. It will principally sell ready-to-drink tea concentrate to franchise bottlers for distribution by Pepsi. As the worlds largest tea producer, Unilever will bring the brand, knowledge of the tea industry and a substantial research and development capability to the JV; Pepsi will contribute access to its extensive bottling and distribution network with strong customer relations (â€Å"Unilever PepsiCo† 2003). Customer Analysis There are two major target markets for ready-to-drink ice tea. One group is the consumers on the go. These are the employees, students, and other consumers who lead a busy lifestyle. The hectic American lifestyle demands for optimize productivity with lesser time- consumption. Thus, there is a need for products that are accessible and readily available. Convenience has dominated the market, particularly the food and beverage industry. The other group is made up of health conscious consumers, specifically the baby boomers who patronize anything healthy. The positive reviews as well as the studies on the benefits of tea drinking have stirred an interest in tea drinking. Representing about 10 percent of the world market for tea (Wikipedia 2007), Lipton ice tea is poised to improve its customer base through a joint agreement with PepsiCo and aggressive marketing strategy. Recent report (Winslow 2006) that the main factor for the improving market performance of Lipton ice tea is its health benefits. Consumers believe that tea is very good for the body; thus, it is more logical to drink more tea and less soda pop and other drinks. Consumers drink Lipton tea because of its beneficial effects to ones health. Consumers consider drinking Lipton as a healthy habit. The 100 percent Natural Tea and 150 mg of protective natural antioxidants has made Lipton tea a major participant in the global tea market. â€Å"Many tea drinkers choose Lipton because it is really inexpensive and you can get it just about anywhere. It is surprising that more people do not drink tea, as they would longer, happier and healthier lives if they did† (Winslow 2006). Furthermore, some customers think that taking anti-oxidants are healthy, thus, customers drink a couple of gallons per week: â€Å"Tea makes you look younger too and gives you energy as well. You know it also costs a lot less to drink tea too, for 100 bags at $2.50 lasts you about 3- weeks. 2-quarts per day are possible when it is really hot out, of course it varies with the drinker† (Winslow 2006). Recognizing that majority of Lipton ice teas consumers are the health-conscious and on- the-go drinkers, Lipton continues to develop its product lines to make it more convenient, accessible and health-appealing to consumers. Brand Analysis and Positioning Lipton ice tea is produced to make it â€Å"great tasting and good for [consumers] because it is rich in protective antioxidants† (Unilever 2007). Lipton ice tea is marketed globally as â€Å"the perfect drink for active, healthy lifestyle† (Unilever 2007). It is available in 16 oz plastic bottles with select flavors sold in six-pack cases. Flavors available are: Iced tea Sweetened Lightly sweetened iced tea Iced tea Unsweetened Tea with no sugar and no added flavors Iced tea with Lemon Sweetened iced tea with a twist of citrus flavor Iced tea with Raspberry Sweetened iced tea with raspberry flavor Iced tea with peach Sweetened iced tea with peach flavor Iced tea Diet Sweet Tea Lightly sweetened with Splendid and no calories Iced tea Diet Lemon Lightly sweetened with a hint of lemon Iced tea Extra Sweet Very sweet iced tea, marketed as Southern Style in some areas Half Half Half sweetened ice tea and half lemonade Diet green tea with Mixed Berry Mellow tea diet and lightly flavored with mixed berry (Wikipedia 2007; Unilever 2007). The packaging and marketing strategy for Lipton ice tea is a reflection of Unilevers thrust for consumer welfare and sustainable development. To meet the growing demand for ice tea, Lipton continues to develop new products through its research and development department. New flavors are being added to cater to changing and adventurous tastes of consumers. More importantly, the Unilever-PepsiCo ensures that Lipton ice tea continues to expand its niche in the global market. According to Patrick Cescau, director of Unilever Foods: We [Unilever] have a strong presence in the developing and emerging markets yet there is plenty of ‘white space to move into. These markets are the next in our planned rollout and we see Pepsi as the best partner to help us achieve this. This new joint venture marks a truly significant step in the expansion of the brand, bringing it within the reach of many millions of new consumers.(â€Å"Unilever PepsiCo† 2003). Moreover the alliance between Unilever and PepsiCo is expected to â€Å"enable Lipton to strengthen its global position. At the same time, we are rounding out our portfolio with a strategic partnership in one of the fastest growing beverage segments and providing consumers with Lipton, the world leader in tea. (â€Å"Unilever PepsiCo† 2003). Direct Competitor Analysis One of the major competitors for Lipton in the world ice tea market is Nestle Refreshment Company, maker of Nestea Ice Tea, well-known competitor for Lipton ice tea. Like Lipton-Unilever, Nestle Refreshment Company has forged agreement with another soda manufacturer, Coca Cola, to form the Coca Cola/Nestle Refreshment Company (Sturdivant 1992). Nestles alliance with Coca Cola has the same purpose as the Unilever PepsiCo joint agreement: global distribution. The strong presence of Coca Cola/Nestle ice tea in the United States and some parts of the globe remains a threat to the goals of Unilever PepsiCo to make Lipton the most dominant player in the global ice tea market. Coca Cola/Nestle has two major products: Nestea sweetened with natural lemon flavor and diet Nestea with natural lemon flavor. Both are available in 12 ounce cans and in 16 ounce wide mouth glass bottles. In addition to the cans and bottles, Nestea is available in refrigerated cartons (as in milk cartons) in the refrigerated sections of grocery stores and convenience stores. The tea is preservative free and made from a brewed product taken back down to a tea powder. While Nestle Coca Cola continues to develop the packaging and marketing strategies for Nestea Ice Tea, there are no recent announcements of impending new products or new flavors of ice tea to be developed soon. There is a limited flavor of Nestea Ice Tea which is basically the original ice tea flavor. The company has not shown interest to capture the emerging demand for healthy ready-to-drink ice tea products. This can be a good opportunity for Unilever PepsiCo to exploit. Lipton Ice Tea can continue to expand its market niche by capturing the growing market for healthy ready-to- drink ice tea. Unilever PepsiCo can exploit the limited flavors of Nestea Ice Tea. Recommendations/Conclusions: With the expected growth of the billion dollar ready-to-drink ice tea market, Lipton Ice Tea is poised to capture a bigger share of the market with an aggressive marketing strategy: from packaging to advertising. Short Term Goals: Improve market presence by 20% Short-Term Objectives Aggressive Marketing Strategy Unilever can take advantage of the positive press on the health benefits of tea to boost the sales of its ice tea product line. The company can use recent studies on the health benefits of tea as the basis of its press releases and advertising campaigns. Improve Packaging Currently, the Lipton Ice Tea are available globally in two sizes: the 16-oz bottle and 2 liter bottle. Unilever can come up with other packaging sizes to ensure that consumers will have other choices and that Lipton Ice Tea will be easily and readily available to consumers. Improve Shelf Presence Unilever PepsiCo can make a deal with retailers ensure retail shelf space and prominent positioning for Lipton Ice Tea. â€Å"Although an average shopper may not notice what brands are positioned in prominent places on shelves or how much room is allotted to each manufacturer, †¦shelf space and positioning as make or break factors in introducing new products† (Sturdivant 1992). Long-Term Goals: World Number One ready-to-drink ice tea Long-Term Objectives: Product Innovation Unilever PepsiCo must continue its innovative research and development strategy to come up with new flavors and products. Unilever has extensive research facilities on product improvement. The company can use its resources and professional expertise to come up with new flavors that will suit the continuous demand for healthy ready-to-drink ice tea. With aggressive marketing strategy and product positioning, Lipton Ice Tea is poised to take the global lead in ready-to-drink ice tea industry.

Status Of Transition From Socialism Essay -- essays research papers f

Vietnam is a country whose economy is evolving. Its rapidly changing economy is facing significant alterations in the process of transition. Vietnam is moving away from its current economy, which is a non-market socialist one, towards a market economy with a socialist orientation. Vietnam is one of the poorest countries in the world with a Gross Domestic Product of only $300. High levels of population along with the proper training will allow Vietnam to effectively use its number one resource, people. Australia plays a key role in assisting Vietnam's economic growth and development through their aid programs.   Ã‚  Ã‚  Ã‚  Ã‚  Economic reforms are changing Vietnam from an agricultural rich economy to a service industry one. Throughout the years, agriculture, as a percent of Gross national product, has decreased from year to year, while service and industrial are increasing. This steady decline is because of the changing situation with its economy. With this decrease, migration to cities and towns is usually normal, but not in this case, as Vietnam has stayed primarily rural. The main agricultural cash crops in Vietnam are rice, coffee, cashews, corn potatoes rubber, soybean and tea. Clothing, computers and electronics are a growing part of the economy as well. Tourism is the largest industry in the service sector.   Ã‚  Ã‚  Ã‚  Ã‚  In Vietnam land sales are not permitted. This is because of the communist rule, and the ownership of all land by the state. During the current economic reform to a market system of economy, household farms have replace the once popular collective farms. Land rights are guaranteed to the families for twenty years on farmland and fifty years for forestland. Though the farmers can still not own land they do have the right to use it, rent it, inherit it, and well as claim it as collateral.   Ã‚  Ã‚  Ã‚  Ã‚  The changing economy has caused the industrial and service sectors to steadily expand. With this increase, many are being dominated by state owned industries. Along with the escalating change towards a market economy, competition within the private sector has also risen due to the fact that state owned enterprises are increasing as well. If these state owned enterprises were private then economic efficiency would be increased as well. This in turn would benefit the Vietnam economy and people. Th... ...ng money into such areas but has also instituted programs in order to help Vietnam be more self-sufficient. They are training people in international law and human rights, as well as funding for research in the area of public and international policy. Along with the teaching and funding Australia is also monitoring the programs to make sure they are effective and being used to there full potential.  Ã‚  Ã‚  Ã‚  Ã‚   Vietnam is a country whose economy is going through changes and with the support of such countries such as Australia, Vietnam’s goal to move from its current economy, which is a non-market socialist one, towards a market economy with a socialist orientation is become closer to attain. The change of the economy and stable growth will help Vietnam raise it quality of living as well as open up doors to the country and its people. Bibliography The United Stated Library of Congress (http://lcweb2.loc.gov/frd/cs/vntoc.html) Gardener, L.C. et al. (1997) Vietnam: The Early Decisions. Austin: university of Texan Press. Karnow, Stanley (1983). Vietnam A History. New York: Penguin Books. Long, Robert Emmet (1986). Vietnam: The Early Decisions. New York: Wilson.

Do We Have a Throw Away Society

Do we have a throw-away society? A Swedish proverb says â€Å"don't throw away the old bucket until you know whether the new one holds water†. The sad story is that most of us today are throwing away so much, it is very likely that there will be no resources in the future. Many of our practices today are putting a lot of stress on future resources and we might soon find many of our needs unsatisfied because of our throw away attitude and careless practices. There are many reasons as to why we are subject to the jeopardy of a resource-deficient future.One of these is the constant demand for better lifestyles and standards of living. Another reason is our increased consumption of food, products and materials as well as our increased use of items that pollute our environment and make it unsafe for living. Society nowadays seeks better lifestyles and standards. We live in a society where technological advances have erupted and where everybody seeks towards the latest items attempt ing to obtain a high standard of living. However, luxury wants never seem to come to an end.Whenever a new model appears in a market, the older possessions of the same product soon become unwanted and obsolete. As a result, many earlier acquired models are disposed of instead of being recycled, or given to needy people who probably find this accommodation useful. â€Å"A study commissioned by Environment Canada estimated that 81,000 tons of  IT  and telecom equipment were disposed of in 2002. Computers and monitors accounted for 70% of this total. The study projected that disposal of  IT waste would increase to 91,000 tons in 2010. This study was made in 2002, where technology was not as advanced as it is nowadays. The amount of disposed items in 2011 is definitely larger than it was in 2002, as technology has advanced rapidly within the last decade. Moreover, as society promotes better living standards, money is largely being spent on luxurious products such as modern phones , modern cars, and other modern equipment, instead of being spent on necessities such as food and shelter. People have been working tremendously for longer hours in order to ensure a high standard of living for themselves and their families.However, they unfortunately do not take into account the amount of money spent on unnecessary products which could have been spent on necessities. This results in a throw-away society, where money is being thrown away like a pebble being thrown on a huge sea causing big ripples. http://www. statcan. gc. ca/pub/16-002-x/2008001/10539-eng. htm Consumption of products has been increasing every year. We live in a society where consumption is regarded as a positive way of life, leading to a healthy society.However, what society fails to realize is that the more we consume, the more products are being disposed or thrown away. This is due to the fact that we are being controlled by advertisements, which are mainly used in an attempt to increase profit, not to enhance the well-being of society. Because we’ve been told that disposing items instead of reusing them is better through advertisements, we find it difficult to make a decision towards such a subject. Single-time use items are increasing rapidly in markets, which encourages consumers to throw away such items after only one use, increasing literation. According to EPA the average American produces 1600 pounds of garbage per year. Multiply that by 300 million and you can begin to imagine the amount of trash that is produced. † Moreover, we judge people according to how much they consume. Sadly, we are usually judged by how much we consume instead of being judged on how efficiently we consume items. This creates an incentive for people of high standards to consume much more than is needed, marking us as a throw-away society.Financially supported people purchase valuable items that they don’t actually need in an attempt to be judged as people of high standing s within society. A person does not need more than a car to move from one place to the other and definitely does not need more than one phone to reach others. However, this is sorrowfully common in society nowadays. http://publicagenda. org/whoturnedoutthelights/number-of-vehicles-per-household According to the pie chart, 19. 9% of households in the US, probably those of financially supported families, have three or more cars, which is definitely a waste of resources.Unfortunately, we live in a throw-away society where resources are less important than consumption and high living standards. Our environment is being disturbed day after day. While society is living the present and not taking care about the future We are being recognized as a throw-away society because we are unaware of the effects of our action that are adversely affecting our planet and causing a fast deterioration in resources. The modern world society values the present much more than the

Vpn with Ipsec

1. Abstract The goal of VPNs is to provide a cost-effective and secure way to connect business to one another and remote workers to office networks. Network Security Protocols encompasses the basis for safe & reliable data transfer. These security devices should be able to provide accountability, access control, confidentiality, integrity, while all the time being cost effective. This provides us with different security protocols related to the transfer of data through a network.With a prevalent system of networks the frontier for world data communication, it is absolutely critical to be able to have these protocols provide the most secure service possible. In this report technical review IPSec protocol involved with Network Security. Internet Protocol Security (IPSec) It is a suite of protocol for securing IP communications by authentication and encryption of each IP packet of a communication session. IPSec also includes protocols for establishing mutual authentication between agent s at the beginning of the session and negotiating cryptography keys which is to be used during the session.IPSec is an end to end security scheme operating in the Layer of Internet of the IP suite. It can be used in protecting data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. 2. Introduction to VPN A VPN is a virtual private network, which is built on top of existing physical network that can provide a secure communication mechanism for data and other information transmitted between networks. Because VPN can be used over existing networks, such as the Internet, it can facilitate the secure transfer of sensitive data across public networks.This is often less expensive than alternatives such as dedicated private telecommunications lines between organizations or branch offices. VPNs can also provide flexible solutions, such as securing communications between remote telecommuters and the organization’s servers, rega rdless of where the telecommuters are located. A VPN can even be established within a single network to protect particularly sensitive communications from other parties on the same network. It is important to understand that VPNs do not remove all risk from networking.While VPNs can greatly reduce risk, particularly for communications that occur over public networks, they cannot remove all risk for such communications. One problem is the strength of the implementation. For example, flaws in an encryption algorithm or the software implementing the algorithm could allow attackers to decrypt intercepted traffic; random number generators that do not produce sufficiently random values could provide additional attack possibilities. Another issue is encryption key disclosure; an attacker who discovers a key could not only decrypt traffic but potentially also poses as a legitimate user.Another area of risk involves availability. A common model for information assurance is based on the conce pts of confidential, integrity, and availability. Although VPNs are designed to support confidentiality and integrity, they generally do not improve availability, the ability for authorized users to access systems as needed. In fact, many VPN implementations actually tend to decrease availability somewhat, because they add more components and services to the existing network infrastructure. This is highly dependent upon the chosen VPN architecture model and the details of the implementation. 3. 1 VPN TechnologiesThe Internet is a shared public network of networks with open transmission protocols. Therefore, VPNs must include measures for packet encapsulation (tunneling), encryption, and authentication to ensure that sensitive data reaches its destination without modifying by unauthorized parties. Fig: IP Packet 2. 2 Tunnels The thing that makes a Virtual Private Network â€Å"virtually private† is known as tunnel. Even though you access your network via Internet, you’r e not really â€Å"on† the Internet, you are actually â€Å"on† your company network. Although the term â€Å"tunnel† feels like it’s describing a fixed path through the Internet, this is not the case.As with any Internet traffic, VPN tunnel packets may take different paths between the two endpoints. 2. 3 Encryption Encryption is a technique for scrambling and unscrambling information. The information which is unscrambled is called clear-text, and the information which is scrambled is called cipher-text. At either end of your VPN tunnel sits a VPN gateway in hardware of software form. The gateway at sending location encrypts the information into cipher text before sending the encrypted information through the tunnel over the Internet. The VPN gateway at receiving location decrypts the information back into clear-text. . 4 Keys A key is the secret code that the encryption algorithm uses to create a unique version of cipher-text. To put it in simpler terms, two people might go to the hardware store and buy the same lock off the shelf, but their combinations are different. In VPN encryption, the method may be the same (like the lock), but our keys are different (like the combination). Of course, VPN locks have a lot more than three numbers on the dial combination. As a matter of fact, transmission security strength depends on the length of the keys which you use. Here’s the formula: 8-bit keys = 256 combinations or two to the eighth power (28) †¢ 16-bit keys = 65,536 combinations or two to the 16th power (216) †¢ 56-bit keys = 72,057,594,037,927,900 or two to the 56th power (256) †¢ And so on†¦ In other words, if you used a 16-bit key, a fake attacker might have to make 65,536 attempts at cracking your combination. Obviously, this would be a quick and simple task for computers. That’s why a lot of VPN products on the market today are using 168-bit keys, creating 374,144, 419,156,711,000,000,000,000,000 ,000,000,000,000,000,000,000 Possible combinations.There are some enterprises out there going even higher. Even the fastest computers today would need extended time to crack a code that is complex. You might be tempted to make a policy of always using the highest-bit encryption method available, but keep in mind that processing such complicated cipher-text will require significant, dedicated CPU processing power. There are other ways to use keys to the outmost security to fit your needs. For example, it does, indeed, take time to crack the higher-bit keys. If you establish a policy of periodically changing your keys, the trespassers won’t be able to keep up. . 4. 1 Symmetrical Keys Symmetrical keys means the same key is used at each end of the tunnel to encrypt and decrypt information. Because a symmetrical key is being shared by both parties, there must be an understanding between the two to take appropriate steps to keep the key secret, which is why symmetrical keys are oft en referred to as â€Å"shared secrets. † These keys become more difficult to distribute, since they must be kept confidential. A technique called â€Å"key splitting† may be employed to reduce the potential of key disclosure during transit.This allows participants to use public channels such as the Internet. More commonly, however, distribution of symmetrical keys is more of a manual operation using paper, removable media, or hardware docking. 2. 4. 2 Asymmetrical Keys Asymmetrical keys are slightly more complicated, but, logistically, much easier to manage. Asymmetrical keys allow information to be encrypted with one key and decrypted with a different key. The two keys used in this scenario are referred to as private and public keys, or the ones you keep to yourself and the ones you distribute to your remote users.Consider this example: Let’s call our business FQT and HIQT. FQT has a set of two keys, a public key and a private key. His public key has been prog rammed to encrypt data so that only his own private key can decipher it. In order to communicate securely, FQT hands his public key to HIQT and tells him to encrypt anything he sends with that code. Using this asymmetrical keying method, both are assured that only FQT will be able to read those transmissions because he retains the private decoder key. If the communication is to be bi-directional, HIQT would share his public key with FQT in the same manner. . 5 Key Management Configuring pre-shared secrets in smaller VPNs does not necessarily require software automation or large infrastructure investments. However, larger networks might benefit from deploying a Public Key Infrastructure (PKI) to create, distribute, and track digital certificates on individual-user basis. You can use pre-shared keys or digital signatures if your equipment supports these authentication alternatives. However, if you decide to use certificates, there are options. For example, you may use third-party Cert ificate Authority services.Or, you may build your own Certificate Authority using software from Entrust, Xcert, or Baltimore Technologies. Either option will help you establish a comprehensive PKI, which is especially useful in large organizations needed to extend secure, limited network access beyond their own internal users to business partners and customers. 2. 6 Authentication The last bit of housekeeping involved in VPN transmission is authentication. At this step, recipients of data can determine if the sender is really who he says he is (User/System Authentication) and if the data was redirected or corrupted enroute (Data Authentication). . 6. 1 User/System Authentication Consider, again, our two business named FQT and HIQT. When FQT receives a message signed from HIQT, FQT picks a random number and encrypts it using a key which only HIQT should be able to decode. HIQT then decrypts the random number and re-encrypts it using a key only QT should be able to decode. When FQT ge ts his number back, he can be assured it is really IQT on the other end. 2. 6. 2 Data Authentication In order to verify that data packets have arrived unaltered, VPN systems often use a technique involving â€Å"hash functions. A hash function creates a sort of fingerprint of the original data. It calculates a unique number, called a hash, based on fixed or variable length values of unique bit strings. The sender attaches the number to the data packet before the encryption step. When the recipient receives the data and decrypts it, he can calculate his own hash independently. The output of his calculation is compared to the stored value appended by the sender. If the two hashes do not match, the recipient can be able to assume the data has been altered. 3.VPN Protocols used for tunneling 3. 1 IPSec IPSec is a standard for secure encrypted communication that provides two security methods: Authenticated Headers (AH) and Encapsulating Security Payload (ESP). AH is used to authenticate packets, whereas ESP encrypts the data portion of packets. It can work in two different modes: transport mode and tunnel mode. IPSec is commonly combined with IKE as a means of using public key cryptography to encrypt data between LANs or between a client and a LAN. IKE provides for the exchange of public and private keys. 3. 2 PPPIn networking, the Point-to-Point Protocol (PPP) is commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption, and compression. 3. 3 L2TP Layer 2 Tunneling Protocol (L2TP) is an extension of the long protocol used to establish dial-up connections on the Internet, Point-to-Point Protocol (PPP). L2TP uses IPSec rather than MPPE to encrypt data sent over PPP. 3. 4 PPTP Point-to-Point Tunneling Protocol (PPTP) is commonly used by remote users who need to connect to a network using a dial-in connection of modem.PPTP uses Microsoft Point-to-Point Encryption (MPPE) to encrypt data that passes between the remote computer and the remote access server. 3 Technical Review of IPSec over VPN 4. 1 IPSec IPSec is the Internet standard protocol for tunneling, encryption, and authentication. It was designed to protect network traffic by addressing basic usage issues including:- †¢ Access control †¢ Connection integrity †¢ Authentication of data origin †¢ Protection against replays †¢ Traffic flow confidentiality The IPSec protocol allows two operational modes.In Transport mode, everything behind the packet and not including the IP header is protected. In Tunnel mode, everything behind and including the header is protected, requiring a new pseudo IP header. While the IPSec protocol was under development, two other protocols — L2TP and PPTP used as temporary solutions. L2TP (Layer 2 Tunneling Protocol) encloses non-Internet protocols such as IPX, SNA, and AppleTalk inside an IP envelope. However, L2TP has to rely on other protocols f or encryption functions. PPTP (Point-to-Point Tunneling Protocol) is a proprietary Microsoft encryption and authentication protocol.Although originally developed as a temporary solution, Microsoft continues to deploy L2TP as its tunneling protocol instead of IPSec tunneling. When comparing the three, IPSec is, the most widely used protocol, and the only one that addresses future VPN environments (such as new IP protocols). 4. 1. 2 IPSec Architecture The architecture of the IPSec implementation refers to the selection of device and software to provide IPSec services and the placement of IPSec endpoints within the existing network infrastructure.These two considerations are often closely tied together; For example, a decision could be made to use the existing Internet firewall as the IPSec gateway. This section will explore three particular aspects of IPSec architecture:- gateway placement, IPSec client software for hosts, and host address space management. Fig: Gateway-to-Gateway VPN for Remote Office Connectivity 4. 1. 3 IPSec Functions Internet Protocol Security (IPSec) has emerged as the most commonly used network layer security control for protecting communications. IPSec is a framework of open standards for ensuring private communications over IP networks.Depending on how IPSec is implemented and configured, it can provide any combination of the following types of protection: Confidentiality. IPSec can ensure that data cannot be read by unknown parties. This is accomplished by encrypting data using a cryptographic algorithm and a secret key. A value known only to the two parties exchanging data. The data can only be decrypted by someone who has the secret key. Integrity. IPSec can determine if data has been changed (intentionally or unintentionally) during transit. The integrity of data can be assured by enerating a message authentication code (MAC) value, which is a cryptographic checking sum of the data. If the data is altered and the MAC is recalculated , the old and new MACs will be different. Peer Authentication. Each IPSec endpoint confirms the identity of the other IPSec endpoint with which it wishes to communicate, ensuring that the network traffic and data is being sent from the expected host. Replay Protection. The same data is not delivered multiple times, and data is not delivered grossly out of order. However, IPSec does not ensure that data is delivered in the exact order in which it is sent.Traffic Analysis and Protection. A person monitoring network traffic does not know which parties are communicating, how often communications are occurring, or how much data is being exchanged. However, the number of packets being exchanged can be counted. Access Control. IPSec endpoints can perform filtering to ensure that only authorized IPSec users can access particular network resources. IPSec endpoints can also allow or block certain types of network traffic, such as allowing Web server access but denying file sharing. 4. 1. 4 IP Sec FundamentalsIPSec is a collection of protocols that assist in protecting communications over IP networks. IPSec protocols work together in various combinations to provide protection for communications. The three primary components of the IPSec protocol that provides the protections for the communication are ESP, AH and IKE. Encapsulating security Payload (ESP) ESP is the second core IPSec security protocol. In the initial version of IPSec, ESP provided only encryption for packet payload data. It can perform authentication to provide integrity protection, although not for the outermost IP header.Also, ESP. s encryption can be disabled through the Null ESP Encryption Algorithm. Therefore, in all but the oldest IPSec implementations, ESP can be used to provide only encryption; encryption and integrity protection; or only integrity protection Authentication Header (AH) AH, one of the IPSec security protocols provides integrity protection for packet headers and data, as well as user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets.In the initial version of IPSec, the ESP protocol could provide only encryption, not authentication, so AH and ESP were often used together to provide both confidentiality and integrity protection for communications. Because authentication capabilities were added to ESP in the second version of IPSec AH has become less significant; in fact, some IPSec software no longer supports AH. However, AH is still valuable because AH can authenticate portions of packets that ESP cannot. Internet Key Exchange (IKE) The purpose of the Internet Key Exchange (IKE) protocol is to negotiate, create, and manage security associations.Security association is a generic term for a set of values that define the IPSec features and protections applied to a connection. It can also be manually created, using values agreed upon in advance by both parties, but these security associations c annot be updated; this method does not scale for a real-life large-scale VPNs. In IPSec, IKE is used to provide a secure mechanism for establishing IPSec-protected connections. 4. 1. 5 IPSec Protocol Basics Transport mode is used to provide secure communications between hosts over any range of IP addresses.Tunnel mode is used to create secure links between two private networks. Tunnel mode is the obvious choice for VPNs; however, there are some concerns about using tunnel mode in a client-to-site VPN because the IPSec protocol by itself does not provide for user authentication. However, when combined with an authentication system like Kerberos, IPSec can authenticate users. 4. 1. 6 Cryptography Used in IPSec Sessions Cryptography policy involves choosing encryption and integrity protection algorithms and key lengths. Most IPSec implementations offer the HMAC-MD5 and HMAC-SHA-1 hashing algorithms.Neither of these algorithms is computationally intensive. Although both plain MD5 and pl ain SHA-1 have known weaknesses, both are still considered sufficiently secure in their HMAC versions. In some implementations of IPSec, the cryptography policy settings are not immediately apparent to admin. The default settings for encryption and integrity protection, as well as the details of each setting, are often located down several levels of menus or are split among multiple locations. It is also challenging with some implementations to alter the settings once they have been located. . 1. 7 Authentication Used for Identifying IPSec IPSec implementations typically support two authentication methods: pre-shared keys and digital signatures. To use pre-shared keys, the IPSec admin creates a key or password string, which is then configured in each IPSec device. Pre-shared keys are the simplest authentication method to implement, but key management is challenging. Because of scalability and security concerns, pre-shared key authentication is generally an acceptable solution only f or small-scale implementations with known IP addresses or small IP address ranges.In the digital signature method, a certificate identifies each device, and each device is configured to use certificates. Two IPSec endpoints will trust each other if a Certification Authority (CA) that they both trust has signed their certificates. Many organizations are currently implementing public key infrastructures (PKI) for managing certificates for IPSec VPNs and other applications such as secure e-mail and Web access. 5. Conclusion VPNs allow users or corporations to connect to remote servers, branch offices, or to other companies over internetwork of public, while maintaining secure communications.In all of these cases, the secure connection appears to the user as a private network communication—despite the fact that this communication occurs over internetwork of public. VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting a nd widely distributed global operations, where workers must be able to connect to central resources and communicate with each other. This paper provides an overview of VPN, VPN over IPSec and describes the basic requirements of useful VPN technologies: user authentication, address management, data encryption, key management, nd multiprotocol support. 6. Reference 1. S. Farnkel, K. Kent, R. Lewkowski. (December 2005). Guide to IPSec VPN. Available: http://csrc. nist. gov/publications/nistpubs/800-77/sp800-77. pdf. Last accessed January 20 2011. 2. Tom Olzak. (Jan22, 2007). SSTP: Microsoft VPN. Available: http://www. techrepublic. com/blog/security/sstp-microsofts-vpn/149. Last accessed 25 January 2011. 3. Open VPN. (2011). Open VPN cryptographic layer. Available: http://openvpn. net/index. php/open-source/documentation/security-overview. html. Last accessed 28 January 2011. 4. Erik Rodrigues-Types of VPN [online]. Resources as well as Images) Available from: http://www. skullbox. net /vpn. php[Accessed on: Feb 12 2011] 5. Internet Protocol Security [online]. Available from: http://www. interpeak. com/files/ipsec. pdf[Accessed on: Feb 4 2011] 6. SSL VPN VS. IPSec VPN [online]. Available from: http://www. arraynetworks. net/ufiles/File/SSLVPNvsIPSecWhitePaper021006. pdf[Accessed on: January 29 2011] 7. Available from: http://www. windowsecurity. com/articles/VPN-Options. html[Accessed on: Feb 14 2011 ] 8. Download the Green Bow IPSec VPN client [online]. Available from: www. thegreenbow. com/vpn/vpn_down. html [Accessed on: Feb 2012] . YouTube video of using the Green Bow software Available from: http://www. youtube. com/watch? v=m6fu6saaNhQ [Accessed on: Jan 29 2008] 7. Appendix The step by step setup of â€Å"The Green Bow IPSec VPN client† is described below. Running the setup file. Language screen appears and click OK. Fig: Choose language screen. Welcome screen appears and click next. Fig: Setup Welcome screen. License and information regarding license s then click I Agree. Fig: License and information screen. Install location screen appears and click next. Fig: Installation location screen. Choosing start menu folder screen appears and click Install.Fig: start menu folder screen. Installing screen appears. Fig: Installing setup screen. Windows Security screen appears and click install. Fig: Windows Security screen. Setup Complete screen appears and click finish Fig: Completing Setup screen. How to use This Software System Tray Icon VPN Configuration Three step Configuration Wizard Step 1 of 3: Choice of remote equipment You must specify the type of the equipment at the end of the tunnel: VPN gateway. Step 2 of 3: VPN tunnel parameters You must specify the following information: the public (network side) address of the remote gateway he preshared key you will use for this tunnel (this preshared key must be the same as key in the Gateway) the IP address of your company LAN (e. g. specify 192. 168. 1. 0) Step 3 of 3: Summary The thi rd step summaries your new VPN configuration. Other parameters may be further configured directly via the ‘Configuration Panel' (e. g. Certificates, virtual IP address, etc). VPN Tunnel Configuration How to create a VPN Tunnel? To create a VPN tunnel from the Configuration Panel (without using the Configuration Wizard), you must follow the following steps: 1. Right-click on ‘Configuration' in the list window and select ‘New Phase 1' 2.Configure Authentication Phase (Phase 1) 3. Right-click on the ‘new Phase 1' in the tree control and select ‘Add Phase 2' 4. Configure IPSec Phase (Phase 2) 5. Once the parameters are set, click on ‘Save ; Apply' to take into account the new configuration. That way the IKE service will run with the new parameters 6. Click on ‘Open Tunnel' for establishing the IPSec VPN tunnel (only in â€Å"IPSec Configuration† window) VPN Configuration Please refer to Phase 1 and Phase 2 for settings descriptions. Authe ntication or Phase 1 What is Phase 1? ‘Authentication' or ‘Phase 1' window will concern settings for Authentication Phase or Phase 1.It is also called IKE Negotiation Phase. Phase 1's purpose is to negotiate IKE policy sets, authenticate the peers, and set up a secure channel between the peers. As part of Phase 1, each end system must identify and authenticate itself to the other. Interface Network interface IP address of the computer, through which VPN connection is established. Remote Gateway IP address or DNS address of the remote gateway (in our example: gateway. domain. com). This field is necessary. Pre-shared key Password or shared key with the remote gateway. IKE Encryption algorithm used during Authentication phase (DES, 3DES, AES, AES128, AES192, AES256).Authentication algorithm used during Authentication phase (MD5, SHA-1, SHA-256). Key group is key length. Phase1 Advanced Settings Description Config-Mode If it is checked, the VPN Client will activate Config-M ode for this tunnel. Config- Mode allows VPN Client to fetch some VPN Configuration information from the VPN gateway. If Config-Mode is enabled, and provided that the remote Gateway supports, the following Parameters will be negotiated between the VPN Client and the remote Gateway during the IKE exchanges (Phase 1): Virtual IP address of the VPN Client DNS server address (optional)WINS server address (optional) Aggressive Mode If checked, the VPN Client will used aggressive mode as negotiation mode with the remote gateway. IPSec Configuration or Phase 2 What is Phase 2? ‘IPSec Configuration' or ‘Phase 2' window will concern settings for Phase 2. The purpose of Phase 2 is to negotiate the IPSec security parameters that are applied to the traffic going through tunnels negotiate during Phase 1. Phase 2 Settings Description VPN Client address Virtual IP address used by the VPN Client inside the remote LAN: The computer will appear in the LAN with this IP address.It is import ant this IP address should not belong to the remote LAN (e. g. , in the example, you should avoid an IP address like 192. 168. 1. 10). Address type The remote endpoint may be a LAN or a single computer, In case the remote endpoint is a LAN, choose â€Å"Subnet address† or â€Å"IP Range†. When choosing â€Å"Subnet address†, the two fields â€Å"Remote LAN address† and â€Å"Subnet mask† become available. When choosing â€Å"IP Range†, the two fields â€Å"Start address† and â€Å"End address† become available, enabling TheGreenBow IPSec VPN Client to establish a tunnel only within a range of a predefined IP addresses.The range of IP addresses can be one IP address. Incase the remote end point is a single computer, choose â€Å"Single Address†. When choosing â€Å"Single address†, only â€Å"Remote host address† is available. Remote address This field is â€Å"Remote LAN address† depending of the add ress type. It is the remote IP address or LAN network address of the gateway that opens the VPN tunnel. Phase2 Advanced Settings Script configuration Scripts or applications can be enabled for each step of a VPN tunnel opening and closing process: Before tunnel is opened Right after the tunnel is opened Before tunnel closes Right after tunnel is closedRemote Sharing Global Parameters Lifetime (sec. ) Default lifetime for IKE rekeying. Minimal lifetime for IKE rekeying. Maximal lifetime for IKE rekeying. Default lifetime for IPSec rekeying. Maximal lifetime for IPSec rekeying. Minimal lifetime for IPSec rekeying. Dead Peer Detection (DPD) Check interval (sec. ) Interval between DPD messages. Max number of retries Number of DPD messages sent. Delay between retries (sec. ) Interval between DPD messages when no reply from remote gateway. Miscellaneous Retransmissions How many times a message should be retransmitted before giving up. USB Mode Step 1 Step2 Step3 Step4