Tuesday, January 28, 2020

Penetration Testing Scope

Penetration Testing Scope The main objective of this document is to provide the readers a view on importance of Penetration test in network security and how it will overcome the network security issues and how organizations are determining their security weaknesses in their network infrastructures. With the help of this document, readers can obtain knowledge about advantages, strategies, types, tools and techniques of the penetration testing. Introduction: Penetration testing method is one of the oldest network security techniques for evaluating the securities of a network system. Penetration testing method used by Department of Defence in early 1970s to determine the security weaknesses in computer system and to initiate the development of programs to create more secure system. Using penetration testing, organization can fix their security weaknesses before they get unprotected. Many companies are using this method because penetration testing will provide proper security information systems and services to the organizations network systems. Organization can reduce risk in their network system using penetration testing tools and techniques. The main objective of the penetration testing is to evaluate the security weaknesses of the organizations network systems. Penetration testing has more secondary objectives and that will help the organization to identify their security incidents and also test the security awareness of the employees. Scope and Goals of the Penetration Testing: Identifying gaps in security: Organization can identify the gap of the system security and company can develop an action plan to reduce the threat with the help of penetration test. Help to create strong business case: A penetration test result document will help the manager to create a strong business case to produce the security message at the implementation stage. To discover new threats: Penetration testing measures will help the organization to find the new threats. To focus on internal security resources: A Penetration test and its security analysis allow the organization to focus internal security resources. To meet regulatory compliances: Organization can meet their regulatory compliances using penetration testing tools. To find weakest link: Penetration test and security audit will assist the firm to find the weakest link in their intricate structure and it will provide baseline security for all typical entities. Provide validation feedback: Penetration test deliver validation feedback to business entities and security framework that lead the organization to reduce the risk in the implementation. Phases of the Penetration Test: Discovery Planning Attack Reporting Additional Discovery Planning Phase: Scope of the test will be defined in planning phase. In this phase, testing team will get the approvals, documents and agreements like NDA (Non-Disclosure Agreement) and they will set the baseline for effective penetration test after that documents are signed. Penetration test team will get certain input from existing security plan, industry standards and best practices while defining their scope for the test. No real testing activity happens in the planning stage. Factor influencing the successful Penetration test: Time: Legal restriction: Discovery Phase: The real testing activity will start from this phase. In this stage, they used to identify the potential target using network scanning and to gather information using port scanning and other techniques. Vulnerability is the second part of this discovery phase. In this stage, application, operating system and services are equated against vulnerability database. Normally human testers use their own database or public database to find vulnerabilities manually. Compare with automated testing, manual testing is better way to identify the new vulnerabilities but this type of testing is time consuming unlike automated testing. This Phase can be further Characterized as: Footprinting Phase Canning and Enumeration Phase Vulnerability Analysis Phase Footprinting Phase: The process of footprinting is a completely non-disturbing activity executed to get information available about the target organization and its system using various resources, both technical and non-technical. This process includes probing the internet, querying various public repositories (Database, Domain registrar, Usenet groups and mailing list). In this phase, penetration tester will gather significant information and confidential data through internet without probing the target system. Penetration tester will conduct the social engineering attacks for that they will collect valuable information like IT setup details, e-mail address of the company, device configuration and username and password. In this phase, penetration tester tries to find various loopholes and try to explore data leakage about the target organization in shortest time period. Mostly procedure of this phase can be automated using customized script and small programs. Scanning and Enumeration: The scanning and enumeration phase includes lot of activity like identifying the live system, open / filtered ports found, service running on these ports, identifying the operating system details, network path discovery, mapping router / firewall rules, etc. Penetration tester must be careful while using the tools for these activities because they should not overwhelm the target systems with extreme traffic. Before going into live scenario, successive phase should be tested completely in a testing environment. Types of Port Scanner: Nmap SuperScan Hping Services should be fingerprinted either manually or using existing tools after successfully identifying the open ports. Penetration tester will provide exact name and version of the services which running on the target system and the underlying Operating system before including these in the final report. Also this will help to identifying and removing numerous false positive found later. Existing Fingerprint Tools: Xprobe2 Queso Nmap Amap Winfingerprint P0f Httprint Vulnerability Analysis: In this stage, penetration tester will try to identify possible vulnerabilities existing in each target system after identifying the target systems and collecting required details from the previous phase. During this stage penetration tester may use automated tools to find the vulnerabilities in the target systems. These tools have their own record containing of latest vulnerabilities and their details. In vulnerability analysis stage, penetration tester will test the systems by giving invalid inputs, random strings, etc. to check for any errors or unintended behaviour in the systems output. Penetration tester should not depend only on his experience because a successful penetration tester should be up to date with latest security related activities and join with security related mailing-lists, security blogs, advisories, etc. to keep him updated to the latest vulnerabilities. Types of Vulnerability Scanners: Nessus Shadow Security Scanner Retina ISS Scanner SARA GFI LANguard Attack Phase: Attack phase is a vital stage in penetration testing, the most challenging and interesting phase for the penetration tester. This Phase can be further Characterized as: Exploitation Phase Privilege Escalation Phase Exploitation Phase: In this phase, penetration tested will try to identify activities for the various vulnerabilities found in the previous stage. Penetration tester can get more resources from internets that provide proof-of-conception exploits for most of the vulnerabilities. In exploitation stage, all exploit should be tested thoroughly before going for a real implementation. If any vulnerabilities critical system not exploited then penetration tester should give sufficient documented proof-of-concepts about the impact of the vulnerability on the organizations business. Exploitation Frameworks: Metasploit Project Core Security Technologys Impact Immunitys CANVAS Instead of running exploitation, penetration tester need to use the full potential framework to reduce the time in writing custom exploits. Gaining Access Discovery Phase Rising Privilege System Surfing Install Add Test Software Enough data has been Gathered in the discovery phase to make an attempt to Access the target. If only user-level access was obtained in the last step, the tester will now seek to gain complete control of the system. The information gathering process begins again to identify mechanism to gain access to trusted system. Additional presentation testing software is installed to gain additional information and/or access. Attack Phase Step with Look back to Discovery Phase Privilege Escalation: In this stage, penetration tester will make further analysis to get more information that will help to getting administrative privileges. Before continuing further process, penetration tester should get the prior permission from the target organization. Penetration tester will maintain his all activity report because in the reporting stage that will be the proof for all the activities completed. Tester may install additional software for higher level of privilege. Reporting Phase: Reporting stage is the last phase in the penetration test methodology. Reporting phase will parlay occurred with other three stages or it will happen after attack phase. This reporting phase is very vital stage and this this report will cover both management and technical aspects, provide detailed information about all findings, figures with proper graphs. Penetration tester will provide suitable presentation of the vulnerabilities and its impact to the business of the target organization. Final document will be detailed and it will provide technical description of the vulnerabilities. Penetration tester should meet the client requirement in the documents also document should be detailed and that will show the ability of the successful penetration tester. Report Consist of: Executive Summary Detailed Findings Risk level of the Vulnerabilities found Business Impact Recommendations Conclusion Penetration Testing Strategy: External Testing Strategy: In this strategy, process made from outside the organizations system to refers attack on the organizations network border, this may be through Internet or Extranet. External testing strategy will start with clients publically accessible information. Naturally the External testing approach will executed with non-disclosure or fully disclosure environment. This test will target the organizations externally visible server or device like Domain Name Server (DNS), Firewall and E-mail server. Internal Testing Strategy: Internal testing approach executed from inside the organizations technology environment. The focuses of the internal testing strategy is to know what could occur if the network border were penetrated effectively or what an authorized user could do to penetrate specific information resources inside the organizations network. Both type of testing techniques are similar but the result of both tests will vary prominently. Blind Testing Strategy: Blind testing approach targets at pretending the activities and processes of a real hacker. In this approach, testing team will provide limited information about organizations systems configuration. The penetration testing team gather information about the target to conduct its penetration test using publically available information like company web-site, domain name registry, internet discussion board and USENET. This testing approach can provide lot of information about the organization but this method of testing is very time consuming. Double Blind Testing Strategy: This testing strategy is an extension of blind testing approach. In this testing approach, IT and security staff of the organization will not informed earlier and are blind to the strategic testing activities. Double blind testing strategy is a vital component of testing because it can test the organizations security monitoring and incident identification, escalating and response procedure. The main objective of this testing approach is only few people from the organization will aware of this testing activity. Once the objective of the test has been achieved then project manager will terminate the response procedure of the organization and testing procedures. Targeted Testing Strategy: Another name of this testing strategy is lights-turned-on approach. In this testing approach, both organizations IT staff and penetration testing team involve in this testing activities. In this test, there will be a clear understanding of testing actions and information about the target and network design. Targeted testing approach is very cost effective because this test mainly focused on technical setting or design of the network. This test can executed in less time and effort unlike blind test but this approach will not give clear picture of an organizations vulnerabilities and response capabilities. Types of Penetration testing There are many type of penetration test available to test the network security of an organization. But type of penetration test may depend upon the organizations needs to test their network. Black-box Testing: White-box Testing: DOS (Denial Of Service): This type of testing tries to identify the weaknesses on the system through exhausting the targets resources because it will stop responding to legal request. Denial of service testing can perform on both manually and automated tools. This test is classified into two types such as software exploits and flooding attacks. The level of this test depending upon the penetration tests information system and related resources. There are more formats in this test such as: Application Security Testing: Application security testing will protect the confidentiality and reliability of information using applications encryption and objective of this testing is to assess the control over the applications (Electronic commerce server, on-line financial applications, distributed applications and internet front ends to legacy systems) and its process flow. Components of Application Security Testing: Code Review: In this type of testing, analysing the code of the application because it should not contain the sensitive data. Authorization Testing: Authorization testing includes Analysing the system initiation and maintenance of the user sessions like Input validation of login fields, Cookies security and lockout testing. Functionality Testing: Functionality testing involves testing the functionality of the application such as input validation and transaction testing as presented to a user. War Dialling: Tools for Penetration Testing: Reconnaissance Tools: Nmap (Network Mapper): Network mapper (Nmap) is a powerful port scan tool and its a part of reconnaissance tools of penetration testing. Network mapper has ability to regulate the operating system of the target system. Network mapper maintains a database for the target computer to find its operating systems resospnse3. Network mapper is a permitted product for network security review. Network mapper was intended to quickly scan big network but it will work fine against single network. Network mapper is compatible with all major operating system like Windows, Linux and MAC operating system.2. Features of the Network mapper (Nmap) Flexible Nmap will support different advanced techniques for mapping out networks such as firewalls, IP filters and other obstacles. This tool also contains port scanners mechanism (TCP UDP), version detection, version detection, Prevailing Portable Easy Free Well documented Supported Acclaimed Popular http://www.computerworld.com/s/article/9087439/Five_free_pen_testing_tools http://nmap.org/ http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf https://buildsecurityin.us-cert.gov/bsi/articles/tools/penetration/657-BSI.html Nessus Nessus is a vulnerability assessment tool and its free domain software released by GPLS. This tool is intended to identify the security problem. Nessus helps the management people to rectify the security problem before exploitation. Client server technology is very powerful features of Nessus. Penetration tester can test from various point of the server because Different server technology placed in various place. It can control the entire server using multiple distributed clients or central client. This tool is very flexible for penetration tester because it can run on different operating system like MAC OS X and IBM/AIX but most of the server portion will run on UNIX. Features of the Nessus: Up-to-date security vulnerability Database Nessus tool will check the database regularly and Nessus can receive with the command Nessus-update-plugins. This tool will monitor all the plugins data. Remote and Local security Nessus has the ability to detect the remote faults of the host in a network and also it will remove local flaws and omitted areas. Scalable Nessus is very scalable because it can run on a computer with low memory. If we give more power to this tool then it can scan our system quickly. Plug-Ins Every security test will be written in NASL; also its printed as an exterior plugin. For updating the Nessus, it will not download binaries from internet and to understand the result of the Nessus report, every NASL can be read and modified. NASL (Nessus Attack Scripting Language) The Nessus security Scanner contain NASL, its a designed language to inscribe security test easily and quickly. NASL run in a controlled environment on top of a virtual device, this will make the Nessus a very secure scanner. Smart Service Recognition with Multiple Services Nessus tool helps to recognize the FTP server which running in an unidentified port. This is the first tool to hold this facility. If the host runs the similar services twice or more then Nessus can scan all of them. Full SSL Support and Non-Destructive This tool has the ability to scan SSL services like https, imaps, smtps and more. Nessus tool can integrate with PKI field environment. Nessus is the first scanning tool has this feature. Nessus tool will give more option to the tester to perform a regular non-destructive security audit. Packet Manipulation and Password Cracking Tools Exploitation Tools Metasploit Version Metasploit framework is both penetration testing system and a development platform for creating security tools and techniques. Metasploit framework comprises of tools, modules, libraries and user interfaces. Metasploit framework used to network security and network security professionals will use this framework to conduct penetration test, system administrators to verify the patch connection, to perform regression testing by product vendors, and security researcher world-wide. This tool offers valuable information and tools for penetration tester security researcher. Metasploit framework written in Ruby programming language and contains components written in C and assembler. The basic function of this tool is a Module launcher, allow the user to organize the exploit module and launch the module at target system. Metasploit is very user friendly to the penetration tester to conduct the test and it will give full network penetration testing capabilities. Metasploit is an open source framework and largest combined public databank of exploits. Security Forest exploitation Framework Limitations of Penetration Testing: Penetration testing will not identify all vulnerabilities because normally this test will carried out as Black Box exercises. Penetration test will not provide information about new vulnerabilities those weaknesses identified after the test. Penetration tester will not have sufficient information about the system. Compare with vulnerability assessments, penetration test is not the correct way to identify the weaknesses because vulnerability assessments can identify more issue than penetration testing using diagnostic review of all systems and all servers. Penetration test does not have that much time to evaluate and identify the vulnerabilities and penetration testing is a snapshot for an organization and its network security. Conclusion: Scope of the penetration testing should be increased. Time period of penetration testing is very limited. Time limit of penetration testing needs to be increased, then testing team can identify more issues and testing team can protect the network security of an organization. Further action needs to be taken against vulnerabilities that identified as a result of penetration test. Penetration Testing Definitions: Penetration test is a method to assess the organizations data security system in dynamic way. The information security system of an organization will be tested to identify any security issues. In other way, penetration test is a theoretical or paper based audit. What is Penetration Test? Penetration test is a sequence of actions to find and exploit security weaknesses of the systems. Penetration test naturally includes group of people financed by the organization and Department of Internal Audit or IT department to conduct the test. Penetration test team member attempts to accomplish vulnerabilities in the system security of the organization using tools and techniques of the penetration test. The goal of the testing tem is to find out security weaknesses under controlled circumstances to eliminate the vulnerabilities before unauthorised users can exploit them. Penetration testing is an authorised action to correct the hackers (unauthorised users) activities. Penetration test is a better way to find the security weaknesses that exist in a network or system. Penetration test result will increase the awareness of the management people and also it will assist them to take an important decision making processes. Management people can find their system security weaknesses conducting penetration test in their organization. Depending upon the organization penetration test will differ and time frame of the test will depend on the type of test. If the penetration test is conducted badly then this test have serious costs like system roaring and cramming. Organization needs to have dynamic consent on this test while conducting or performing.

Monday, January 20, 2020

Living with Feng Shui :: essays research papers

â€Å"Your home is your sanctuary,† but, when entered, does the home create feelings of stress and chaos, instead of calming and providing refuge? No matter how much a person cleans, a home can still feel as if it is in constant disarray. The Chinese commonly remedy these complaints by using the art of feng shui. Simple placement of certain objects in mapped areas of a home can bring great respite to an otherwise chaotic environment. American society classifies feng shui as just another idea based on superstitions, for example, black cats and broken mirrors. Actually, feng shui, pronounced â€Å"fung shway,† is the ancient craft of interpreting and manipulating energy in the environment to create harmonious space by stimulating good chi’, or energy, and staunching the negative flow. Feng shui, meaning wind and water, was created based on the ancient Taoist metaphysical outlook on nature. The Taoist’s examined their surrounding environment and saw the unity in the different elements of the universe. By identifying the energy in the land around them, the Taoist’s were able to point out the areas that would protect, flourish, or ‘be at one’ with the earth. In the book, â€Å"Taoist Feng Shui†, Susan Levitt explains: â€Å"In nature they sensed ‘chi’ energy, the breath of life in all things. Taoist observation of nature concluded that curved, flowing lines slow chi’ and bring abundance. Harmonious chi moves in a curved, graceful line, as if following the natural course of a river. Sharp, straight lines bring ‘sha’ chi, or bad chi (2).†   Ã‚  Ã‚  Ã‚  Ã‚  The Taoists believe that all energy is aligned. This alliance, called Tao, is represented by the figure of the yin and yang. Customarily, the yin is dark, female, and welcoming; the yang is light, male, and aggressive. Yin and yang are believed to be connected to one another and always fluctuating, each complimenting the opposing other. Examples of this relationship can be seen everywhere: midnight and noon, mountains and valleys, hot and cold, sweet and sour. Without one, there is no other (Levitt 6).   Ã‚  Ã‚  Ã‚  Ã‚  In order to chart the chi in a certain area or home, a feng shui compass must be used. This compass, the ba-gua, is composed of eight trigrams, or lines stacked three high, arranged to create an octagonal center ring. The ba-gua map is divided into eight separate sections and the center, with each section representing a different life area. These areas are fame, wealth, family, knowledge, career, helpful people, children, relationships, and, in the center, health (The Ba-Gua, par.

Saturday, January 11, 2020

A Brief Analysis of Reverse Discrimination

Racial discrimination is defined as unfavorable treatment, or having fine judgement or taste against a distinct race or minority. It is an epidemic that has been occurring for hundreds of years. Throughout different time periods people have been discerning others because of physical characteristics uncommon to each other. In 1607, English colonists in Jamestown, Virginia, became the first Americans to bring African slaves to the New World thus beginning hundreds of years of discrimination. There have been many improvements in the area of racial discrimination through laws and personal views, but racism still exists, and probably will for many years to come. In the workplace racial discrimination is so prevalent that there is one whole title in the Civil Rights Act of 1964 specifically dedicated to quelling this issue. The problem today is deciding where to draw the fine line between racial discrimination and making a choice for the better of your business, and when that line is crossed. But racial discrimination effects people other than those being directly discriminated. By definition, racial discrimination is due to a bias against minorities. But there is another form of discrimination – that of reverse discrimination. In this case it isn't the minority that is being discriminated against, it is the white man. Obviously both forms of biased views are, in simplest form, still discrimination, but reverse discrimination is sometimes not thought of as a serious problem and is an issue that must be addressed. Civil Rights legislature has made major strides in establishing equal rights in the work place but as minorities gain civil rights the issue of reverse discrimination becomes a problem. Before we can take a look at reverse discrimination, we must first look at the laws that establish our basic civil rights. There are two main pieces of legislature that frame these basic civil rights. They are the Fourteenth Amendment of the constitution and the C! The Fourteenth Amendment was ratified on July 9, 1868, and is one of the most important legal weaponS in Black America's struggle for equality (Davis, 11). Section 1 of the Fourteenth Amendment declares that † No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws† (Bagley A-6). The basic meaning of the amendment is that people are equally entitled to fundamental rights (Schwartz, 100). Its intention was for the individual to possess basic civil rights and to describe how he is affected by basic agencies of the states. In theory the â€Å"people† of the United States were now whites and minorities, and everyone should enjoy freedom equally (101). The Fourteenth amendment did have its shortcomings though. The way it was designed, lent itself to work on a state level rather than a federal level (Loevy 7). This meant that the federal government didn't have as much power as the individual states in enforcing the law and therefore allowed for discrimination by private citizens. There was the notion of a â€Å"free white jury that will never convict† (8). White southerners knew that a jury of their peers would never convict them for crimes such as murder, lynching, and blatant discrimination. It became routine that whites had their free will to personally enforce racial segregation. The first landmark case in the fight for racial integration and equality was Plessy v. Ferguson. In this case a railroad attendant refused to provide a sleeping car for an African American. It went to court under the fourteenth amendment and the Supreme Court eventually ruled that segregation of blacks and whites was constitutionally legitimate as long as the accommodations for each were equal. Separate but Equal† was now precedent and the fight for equality had won its first battle. This verdict soon came into question though when the notion of racial segregation in public schools was taken to court. Brown v. Board of education was probably one of the biggest landmark decisions in the fight for equal rights. The Supreme Court ruled that â€Å"separate but equal† was by definition – unequal. The court stated that segregation in public schools was unconstitutional and also implied that all forms of segregation were illegal (Loevy 17). Although this decision implied that segregation was illegal it did little to enforce the idea. There was still an opposition to integration that held the equal rights movement back. It was seen that there was a need for firm legislation that would not only lay down terms for equal rights but be able to enforce them too. >From 1866 to 1965 there were six Civil Rights Acts passed through congress. By far the most far-reaching Act was the Civil Rights Act of 1964 . It consisted of eleven titles and of those eleven; there was one that directly impacted discrimination in the workplace. Forty percent of all median income differences between black and white workers is the result of employment and occupation discrimination (Bell 717). Title VII forbids discrimination by employers (Karst 284) and makes it unlawful to even ask a prospective employee any information about race, color, gender, religion, or national origin (Zigarelli 2). The agency that enforces Title VII is the EEOC (Equal Employment Opportunity Commission). Since the creation of the Civil Rights Act of 1964, Title VII has been the source of more litigation than any other titles in the act (Karst 285). The Civil Rights Act of 1964 was indeed firm legislation that did in fact protect the civil rights of Americans, but with the legislative laws of the act also came a host of Common Laws. When a judge makes a decision in court, that decision is said to create a precedent. If a similar case comes to court the precedent will be what is followed when making that decision, and the precedent, although not a legislated law, becomes in affect, a law – or Common Law (Zigarelli 11). Now the citizens of the United States had a strong backing to achieve racial equality. But what happens when the system that is in place to provide these rights actually does the opposite and allows for discrimination of another group other than the minority. Reverse discrimination in the workplace is defined as preferential treatment for minority group members in that workplace (Goldman 4). It can be either giving special treatment in considering an applicant for employment or in considering an employee for promotion or termination. Some of the ways that reverse discrimination is introduced is by the use of quotas, percentages, and set-asides. In an effort to speed up the process of racial integration in our society, the government put forth these certain employment policies. Quotas and percentages are held to encourage minority hiring while also keeping with the existing workplace standards (Goldman 22). The idea is that if the percentage of minority employees working at an establishment is radically lower than the percentage of non-minority employees it is probably because of past discrimination. A quota is established to raise these numbers and create a racially equal working environment. In its basic form a quota is intended to be a goal the company wishes to achieve to be more of an equal opportunity employer. The problem that arises with this type of policy is that it becomes very easy to instead of hiring minority workers based on their competence and skill level, just say â€Å"The next certain n! umber of minorities that apply for the job I'll hire regardless of how skilled they are or how skilled their non-minority competition is. † It becomes a case of white man applying for a job, and his race, not his credentials being the reason for not hiring him (Baer 135); therefore loosing the job to a less qualified minority simply because the company wanted to correct for its past discrimination practices. In January 1972 the NAACP sued the Alabama state police because they had one of the least racially integrated police organizations in the country. The court ordered them to integrate their organization by hiring one African American police man for every white one until they possessed a 25 percent minority work-force (Urofsky 19). Court orders were followed and twelve years later the Alabama state police had one of the most integrated police forces in the south. Obviously the policy worked in integrating their organization but what would happen if a more qualified white man applied for the job and was rejected only because he was white? Is there any difference between the discrimination of African Americans and the discrimination of whites simply because an organization is trying to erase past prejudices? There is a belief that compensation should be made for wrongs done and that there is a need to improve the economic status of minorities, but by making special treatment for some, it is inevitable that others are discriminated against (Fullinwider 2-5). The only thing that is accomplished by these reverse discrimination practices is that the injustice is merely shifted from one group to another (Urofsky 30) rather than working on a solution to abolish it . Alan Goldman, author of Justice and Reverse Discrimination states that strict quotas for raising the percentages of blacks will, unless carefully controlled, result in the decrease of competency standards (22). The reason for this decrease, is that the employer can much more easily resort to hiring less qualified minority workers than properly screening the competency of all people that apply, thus lowering that standard. Quotas also have another drawback. While minorities have long been discriminated against as groups, the process of installing a quota discriminates against non-minorities as individuals (Urofsky 29). Most people believe that African Americans as a group do deserve some sort of compensatory treatment for past prejudices against them (Fullinwider 58). But preferential hiring does not accomplish this. It only benefits individuals and does nothing to further the racial acceptance of that group. The concept of Equal Opportunity in America creates another problem with preferential hiring. As plainly as it can be stated, Equal Opportunity, is a concept that should lend opportunities to all races equally. But since the conception of quotas and preferential hiring, Equal Opportunity has taken on a somewhat different meaning. It now seems to mean; instead of an equal opportunity for all, if one is a minority he will sometimes receive better treatment than a non-minority. Robert Fullinwider in his book The Reverse Discrimination Controversy goes so far to state that preferential hiring is unconstitutional because it violates the â€Å"principle of equal opportunity† (23). Now certainly there is no â€Å"principle of equal opportunity† in the constitution itself, but Fullinwider puts forth the idea that equal opportunity is analogous to the constitutional right of a fair trial or even of free speech. When thought of this way it is easy to contend that there is in fact a â€Å"princi! ple of equal opportunity† that is somewhat similar to a constitutional right. In a simpler form it can be stated that preferential treatment to minorities can be considered if not unjust, at least unfair because it allows minorities to achieve less, and still be just as competitive as non-minorities (Fullinwider 21). It is interesting to note that while Title VII of the Civil Rights Act of 1964 is the main piece of legislature that frames our civil rights, it is also the main framework for allowing reverse discrimination. Section 706(g) essentially gives the court power to order preferential treatment if the accused employer â€Å"has intentionally engaged in an unlawful employment practice charged in the complaint. † The statement: â€Å"which may include but is not limited to, reinstatement or hiring of employees †¦ or any other equitable relief as the court deems appropriate,† is basically the court's right to impose any type of preferential treatment it sees as being necessary. It becomes more confusing to note that section 703(a) and (j) seem to give an opposite opinion of preferential hiring. 703(j) even goes so far as to state the following: Nothing contained in this title shall be interpreted to require any employer †¦ to grant preferential treatment to any individual or any group (Fullinwider 125). It seems to be an odd complement of ideas to be put together in the same Title. On one hand you have a part of the Title that states that the decision is up to the judgement of the court and on the other hand you have another section that states that it is actually not up to the court to decide – it is simply wrong. Fullinwider gives an explanation for this. He states that the two different sections can be thought of as two different rules that will be interpreted differently. Depending on the situation the court is given the power to propagate whatever remedy will work best. All the previously mentioned terms such as preferential hiring, quotas, and set asides are all part of a whole known as Affirmative Action. This plan undertaken by Lyndon B. Johnson as an extension of Kennedy's civil rights campaign was a series of steps made to overcome the present effects of past discrimination (â€Å"Affirmative Action† 241). Although the plan accomplished great strides for minorities it also gave rise to the issue of Reverse Discrimination. And while it did advance minorities it left behind one major idea. The whole concept of discrimination comes not directly from the fact that minorities are held back physically or economically in society. It comes from the idea that we live in a race-conscious society where minorities are sometimes thought of as being a part of a lower economic standard. Critics of Affirmative Action do not see it as being a way for minorities to become more equal in society because with Affirmative Action comes the unending belief th! at ultimately, there is such a thing as race. If we are to overcome racism we must first learn that there is no such thing as race – there are only people. Affirmative Action is therefore thought of as simply another way for America to become an even more race-conscious society, thus keeping minorities from progressing. A good way to further understand the intricacies of Reverse discrimination is to look at specific cases where the policies of preferential hiring, quotas, set asides were put to the test. The first case will explore the rights of a man who was working for ten years and finally had to sue his employer to get a promotion. His name is Joseph Ray Terry and he has been a civil rights attorney at the EEOC for more than ten years. It has been said that workers should roughly be represented proportionally with their numbers in the general population but fifty percent of the white-collar jobs at the EEOC are held by blacks, who make up less than ten percent of the civilian workforce. Terry decided to sue and in 1996, the U. S. district judge of Memphis Jon McCalla ruled that the EEOC violated the laws that it was supposed to defend. Over his career, Terry was overlooked for a promotion more than ten times, and the jobs were given to less qualified minorities. In 1987, the EEOC ha! d 21 district directors; 19 minority, and 2 white. Terry had the credentials; education, experience and high-level government training but he still didn't get the job. One minority who was appointed over him didn't even have a high school diploma and most of the minorities appointed over him had little, if any of the qualifications that he had. The judge ordered the EEOC to pay $150,000 in damages, $8,000 in stress, and ordered him to be given the position of deputy general counsel, and entitled him to back pay. In this case it can clearly be seen that quotas and preferential hiring, while advancing many minorities, did hold back a perfectly capable white man from a promotion he deserved. The next similar example is of a female denied a position because of a less qualified minority. Patricia Steffes, a forty-six year old white female was awarded 2. 6 million dollars by federal jury on Wednesday May 6th, 1999. In this reverse discrimination case she was denied a management position in favor of a less qualified black man. Pepsi claims she lacked sales in front line management experience. Steffes had worked her way up the corporate ladder from payroll clerk to a $73,000 a year management position when she applied for a higher position. She started at the age of eighteen in 1972, following in the footsteps of her father and other relatives. Steffes was promised the next promotion opportunity, which opened in Lansing, Michigan. Even though she happened to be well qualified for it, a black employee got the job. Pepsi was ranked by Fortune Magazine as one of the â€Å"Top 50 Best Places for Minorities to work† and reserved 285 million dollars of its budget for minority and women owned businesses. The recent 2. 3 billion dollar IPO was handled by a minority owned! firm. Two of the top eighteen paid employees are minorities and twenty five percent of the entire workforce is comprised of minorities while thirty six percent of their hires in 1998 were minorities according to Fortune Magazine. In Steffes case, a minority held the job initially and when the word got out that Steffes might get hired, other minority employees complained and another less qualified black male got the job. Steffes wrote a letter to the EEOC and senior executive at Pepsi with no response. She then mailed a letter to Mr. Charles Stamper, the Supervisor at Pepsi. The officials weren't pleased so they put Steffes in their process called â€Å"developmental feedback† which is designed to improve an employees job performance. It resulted in Pepsi offering Steffes a transfer to a different facility on a â€Å"take it or leave it† basis. Steffes rejected it and took a leave of absence as advised by her doctor due to stress. She returned to work in September and supervisors allegedly ignored her. She was then ordered to train another black man who was being promoted to a job similar to the one she didn't receive. Steffes quit that day. One can see this is a case of blatant discrimination against a perfectly qualified white female. In the next case we will finally look at the concept of the set-aside. In the case FayComm v. US Small Business Administration a set-aside – designed to leave a certain number of contracts for minority firms to claim, ultimately was the cause of lengthy court battles and FayComm's loss of a contract they deserved. FayComm was a promising but small video production company. They had been working with FEMA for many years when a new (and expensive) contract came up to bid. FayComm bid on the job but was told that it was going to be given to a minority firm. Apparently the US Small Business Administration had taken the matter out of FEMA's hands and given it to the minority, so FayComm sued for the right to bid fairly and competitively. The issue here is the idea of the set-aside. It is practice in some businesses to take a certain number of contracts and set them aside to give to minorities. This serves two purposes. One is to satisfy Affirmative Action supporters, and the other is to skip the time consuming process of bidding for the contracts by simply â€Å"giving† it away to the minority. The problem arises in the fact that the contract is usually given to the minority regardless of its qualifications. In one hearing on this matter the judge was quoted as saying: â€Å"You mean to tell me that if the ‘minority firm' can demonstrate that it is not competent to do the work, and therefore cannot win the award in open, competitive bidding, then the lack of competence qualifies them to be given the contract? Apparently that's how the idea of set-asides is written. To this day FayComm is still in business but never was given a chance to bid on the job. These cases clearly show that Reverse Discrimination is a serious issue in American Society. Through the use of preferential hiring, quotas, and set-asides the government while trying to end discrimination, only succeeded in creating more discrimination. It is obvious that there is a need for some kind of solution to stop all discrimination. Though this paper was not written to solve discrimination, only analyze it, we will offer this final thought. It became increasingly evident to us that the reason for discrimination in the first place is because humans have this preconceived notion that for some reason, all people are not equal. No matter what the Constitution states or what laws are passed this idea seems to be engrained so deeply that it is quite difficult to overcome.

Friday, January 3, 2020

Absorption Spectrum - Chemistry Glossary

Definition: An absorption spectrum is a graph depicting the absorption of radiation by a material over a range of wavelengths. Return to the Chemistry Glossary Index