Network Security - Columbus State University

Network Security - Columbus State University

Network Security CPSC6128 Lecture 2 Attacks - Network Recon and Scanning 1 Exploiting Systems Why Teach? Much controversy over teaching how to hack Why should we learn this? You have to know how networks are attacked in order to mount an effective defense. Know your enemy However, with this knowledge comes responsibility. Much like if you learn how to fire a weapon you only do it at the pistol range not in the middle of the street. Likewise, skills taught here are to only be used in the confines of a controlled computer security research lab. If you go out and do something stupid you will end up

in jail. CPSC6128- Network Security 4 Some Additional Words of Caution General Assumption Bypassing a protection is illegal Penetration testing bypassing protections with explicit written PERMISSION from the owner of the system. Exception Germany and France and some other EMEA countries Place the development or possession of attack tools as illegal.

Legal advice is critical (this slide is not legal advice) CPSC6128- Network Security 4 Types of Attacks and Computer Crimes

Denial of Service Destruction of Information Dumpster Diving Emanation Eavesdropping Embezzlement Espionage Fraud Information Warfare Illegal Content of Material Malicious Code Masquerading Social Engineering CPSC6128- Network Security 5

Types of Attacks and Computer Crimes (Cont.) Software Piracy IP Address Spoofing Terrorism Theft of Passwords Use of exploit scripts Network Intrusions CPSC6128- Network Security

6 Why Computer and Network Attacks? Fame Not so much anymore (more on this with Trends) Money The root of all evil War A battlefront just as real as the air, land, and sea CPSC6128- Network Security US Federal Computer Crime Laws (consult legal council for official advice) 1970 US Fair Credit Reporting Act Regulates the collection, dissemination and use of consumer credit information.

RICO 1970 US Racketeer Influenced and Corrupt Organization Act extends criminal and civil penalties for acts performed as part of a criminal organization 1973 US Code of Fair Information Practices. Also called Five underlying principals CPSC6128- Network Security 7 Five underlying principals No personal data recordkeeping systems whose existence is secret Must be a way for a person to find out what information about them is in a record and how it is used

There must be a way for a person to prevent information obtained for a specific purpose from being used for another purpose without the subjects consent. There must be a way for a person to correct a record of information about them. Any organization creating, maintaining, using or disseminating records of personal data must assure the reliability of the data and take prudent measures to protect this data. CPSC6128- Network Security 8 US Federal Laws (cont) 1974 US Privacy Act Who is allowed to have access to information that contains identifying info (education, criminal, medical records but no limited to)

1978 Foreign Intelligence Surveillance Act (FISA) Covers electronic surveillance of foreign intelligence organizations. 1986 US Computer Fraud and Abuse Act (amended in 1996) covers malicious threats, attacks and unauthorized access to computer systems. Penalties increases with Patriot Act.1987 1994 US Communications Assistance for Law Enforcement Act This law requires all communications carriers to provide a facility for law enforcement to provide wiretaps. CPSC6128- Network Security 9 US Federal Laws (cont)

1996 US Economic and Protection of Proprietary Information Act Extends the definition of property to cover company proprietary information. Used to protect against economic espionage. 1996 Health Insurance and Portability Accountability Act (HIPPA Amended in 2000) Protecting personal information in the health insurance industry. 1996 Title 1, Economic Espionage Act Make theft of trade secrets a crime 1998 US Digital Millennium Copyright Act (DMCA) prohibits the manufacturing, trading or selling of any technology, device or service design to circumvent copy protection mechanisms

CPSC6128- Network Security 10 US Federal Laws (cont) US Uniform Computers Information Transactions Act (UCITA) covers software licensing, online access and other transaction between computer systems. Validates shrink wrapped licensing 2000 US Congress Electronic Signatures in Global and National Commerce Act (ESIGN) legal foundation for electronic signatures and records 2001 USA Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act Extends the ability of law enforcement to search electronic records. 2002 E-Govt Act Federal Information Security Management Act

(FISMA) improve security of computer networks in the federal government. CPSC6128- Network Security 11 Network Attack Methodology Recon Information Post Exploitation gathering Scanning Enumeration Identify Hosts Maintaining Access Removing Forensic Evidence

Exfiltration TODAYS LECTURE Vulnerability Identification Exploitation - Gaining access Elevating given access Application/Web level attacks Denial of Service (DOS) CPSC6128- Network Security 12 RECON - INFORMATION GATHERING

13 Network Attack Methodology Recon Information gathering Scanning Enumeration Post Exploitation Maintaining Access Removing Forensic Evidence Exfiltration Identify Hosts Vulnerability Identification Exploitation -

Gaining access Elevating given access Application/Web level attacks Denial of Service (DOS) 14 Reconnaissance Casing the joint Information Collection Gather as much information as possible about the target from open sources Bank robbers example typically perform reconnaissance on the branch Observe

times when the branch is busy with customers guard shift changes location of cameras, etc. It is the same first step performed in computer network attacks CPSC6128- Network Security 15 What are we trying to collect? Address of target Phone numbers Contact names can be used for social engineering

Divisions IP addresses Name servers Mail Servers Active Machines CPSC6128- Network Security 16 Low Tech Recon Dumpster Diving Shred your documents

Social Engineering Educate your users about giving out sensitive or confidential information over the phone Caller-id DOES NOT provide authentication Physical Break Ins You can have the best, multimillion dollar security system on the market but it will be useless if you dont lock the front door CPSC6128- Network Security 1 Changing Caller-ID is Easy There are legitimate reasons to do this. For example, I work from home often. When I call business

associates from home I would like my work number displayed. Has been around for a long time but used to require dedicated PRI lines and expensive equipment Now can setup Asterisk server (free and open source) and signup for a very low cost VoIP trunking provider. Just need a spare PC and broadband connection. Or even easier: CPSC6128- Network Security 1 Google Hacking Great source of intelligence on the target. Basic web search will reveal a good amount of info intentionally

listed on the targets website. More advanced Google queries can reveal information that is not meant for public consumption. Google Hacking Database: http://johnny.ihackstuff.com/ghdb/ CPSC6128- Network Security 1 Useful Google Searches for details, see Google Operators site: directive search only within a given domain site: ColumbusState.edu

link: directive shows all sites linked to the specified site. Link: www.poly.edu intitle: shows pages whose title matches the search criteria. inurl: shows pages whose URL matches the search string related: shows similar pages. CPSC6128- Network Security 2 Google search of filetype:sql insert into jos_users values md5

CPSC6128- Network Security 2 Google Recon Automated Foundstone SiteDigger (http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx) Wikto by Sensepost (http://www.sensepost.com/labs/tools/pentest/wikto) Both use Johnny Longs Google Hacking Database CPSC6128- Network Security 2 Edgar Database www.sec.gov

Electronic Data-Gathering, Analysis, and Retrieval If the company is publicly traded, the Edgar database can be a valuable resource to gather information CPSC6128- Network Security 2 Maltego (you can download a free version with limited function) Information gathering tool Can visually display the relationship between information Domain Names Whois Information DNS Names

Net blocks IP Addresses Also allow for the enumeration of people Email addresses Web sites associated with a person Phone numbers associated with a person's name Social groups that are associated with a person Companies and organizations associated with a person CPSC6128- Network Security 2 Maltego CPSC6128- Network Security

2 Other Methods Dont forget social networks Can be used for social engineering of the target Dumpster Diving CPSC6128- Network Security 2 Determine the Network Range (Scanning and Enumeration) 2 Network Attack Methodology

Recon Information gathering Scanning Enumeration Post Exploitation Maintaining Access Removing Forensic Evidence Exfiltration Identify Hosts Vulnerability Identification Exploitation - Gaining access Elevating given access Application/Web level attacks

Denial of Service (DOS) 3 DNS is a Treasure Trove of Info Domain registration When you register a domain name with an authorized registrar you must provide a valid name, address and phone number of the person responsible for the domain. This information can be used against you in an attack CPSC6128- Network Security 2 Whois Database Many website and domain registrars offer this service

through the web. Can also use the built in whois command on many Unix systems. First looks up the target in InterNIC to determine the registrar: http://www.internic.net/whois.net Then go to the registrar for detailed records: Ex. http://www.networksolutions.com/whois/index.jsp CPSC6128- Network Security 2 Also Get Registered IP Blocks Based on geographical location: ARIN (American Registry for Internet Numbers) www.arin.net (https://ws.arin.net/whois/) RIPE (Reseaux IP Europeans Network Coordination Centre) www.ripe.net

APNIC (Asia Pacific Network Information Center) www.apnic.net LACNIC (Latin American and Caribbean NIC) www.lacnic.net AFRINIC (Africas NIC) www.afrinic.net DoDNIC (Department of Defense NIC) www.nic.mil - not open to the outside Other useful sites: www.allwhois.com www.uwhois.com CPSC6128- Network Security 2 Columbusstate.edu WHOIS Reconnaissance 1. go to http://www.networksolutions.com/whois, http://educause.net (for EDU domain) 2. search domain ColumbusState.edu

CPSC6128- Network Security 25 DNS Record Types A ADDRESS RECORD. DESCRIBES THE IP ADDRESS THAT A GIVEN NODE HAS MX MAIL EXCHANGE. IP ADDRESS OF THE SERVER WHICH HANDLES MAIL FOR THE DOMAIN NS NAME SERVER. DOMAIN NAME SERVERS WHICH SERVE THIS DOMAIN NAME

CNAME CANONICAL NAME. ALIASES FOR HOST NAMES SOA FIRST LINE OF DNS FILE. INDICATES THAT THIS SERVER IS THE BEST SOURCE OF INFORMATION FOR THIS DOMAIN SRV SERVICE RECORD. INFORMATION ABOUT AVAILABLE SERVICE IN THE DOMAIN. SIP AND XMPP USE THIS. RP RESPONSIBLE PERSON. ASSIGN AN EMAIL ADDRESS TO A SPECIFIC HOST

PTR POINTER RECORD. ALLOWS FOR REVERSE DNS LOOKUP. TYPICALLY REQUIRED FOR MX HOSTS TXT ORIGINALLY FOR HUMAN READABLE INFORMATION. BUT NOW USED FOR THINGS SUCH AS DOMAIN-KEYS HINFO HOST INFO. SUPPLIES OS AND OTHER INFO ABOUT A HOST. GENERALLY NOT A GOOD IDEA. CPSC6128- Network Security 26

Poly.edu DNS Reconnaissance use mxtoolbox.com CPSC6128- Network Security 2 Lets dig into mail.poly.edu: use mxtoolbox.com CPSC6128- Network Security 2 Map of mail.poly.edu See: http://www.robtex.com CPSC6128- Network Security

2 BGP Looking Glass Servers home-macpro:~ kobrien$ telnet route-server.twtelecom.net Trying 66.162.47.58... Connected to route-server.twtelecom.net. Escape character is '^]'. C ************************************************************************ ** route-server.twtelecom.net ** ** tw twtelecom IP Route Monitor ** ** AS 4323 **

************************************************************************ This route server maintains peering sessions with several border routers within the tw telecom nation wide US network. 168.215.52.101 168.215.52.9 168.215.52.192 168.215.52.175 168.215.52.70 168.215.52.197 168.215.52.203 Atlanta, GA Chicago, IL Denver, CO Los Angeles, CA New York, NY Oakland, CA Seattle, WA

CPSC6128- Network Security 3 BGP Looking Glass Servers (cont) route-server>sh ip route 128.238.0.0 Routing entry for 128.238.0.0/16 Known via "bgp 4323", distance 200, metric 0 Tag 7018, type internal Last update from 168.215.52.202 5d10h ago Routing Descriptor Blocks: * 168.215.52.202, from 168.215.52.203, 5d10h ago Route metric is 0, traffic share count is 1 AS Hops 2 route-server>tracert 128.238.2.92 ^ % Invalid input detected at '^' marker.

route-server>trace 128.238.2.92 Type escape sequence to abort. Tracing the route to duke.poly.edu (128.238.2.92) 1 2 3 4 5 6 7 8 9 10 11 12 ge-0-3-0-514.dnvr.twtelecom.net (66.162.47.57) 0 msec 0 msec 0 msec peer-01-so-1-0-0-0.dlfw.twtelecom.net (66.192.246.53) 16 msec 16 msec 16 msec

cr2.dlstx.ip.att.net (12.122.138.18) [AS 7018] 52 msec 56 msec 52 msec cr1.attga.ip.att.net (12.122.28.173) [AS 7018] 56 msec 52 msec 56 msec cr2.wswdc.ip.att.net (12.122.1.174) [AS 7018] 56 msec 56 msec 56 msec cr2.n54ny.ip.att.net (12.122.3.37) [AS 7018] 56 msec 56 msec 56 msec gar2.nylny.ip.att.net (12.122.130.49) [AS 7018] 52 msec 56 msec 52 msec 12.116.102.22 [AS 7018] 60 msec 56 msec 56 msec 42ce7023.unknown.oainc.net (66.206.112.35) [AS 23329] 156 msec 56 msec 56 msec 65.77.177.90 [AS 23329] 56 msec 56 msec 60 msec duke.poly.edu (128.238.2.92) [AS 23329] 60 msec 60 msec 60 msec duke.poly.edu (128.238.2.92) [AS 23329] 60 msec 60 msec 60 msec CPSC6128- Network Security 3 Gather Other Network Information (?) CPSC6128- Network Security

3 Shodan www.shodanhq.com Expose online devices CPSC6128- Network Security 3 Identify Hosts CPSC6128- Network Security 3

Ping Sweep IP Scanner CPSC6128- Network Security 3 DNS Zone Transfer (?) On Linux systems dig can be used to perform a zone transfer from a DNS server. Very useful in recon and indentifying targets. dig @[DNS_server_IP] {target_domain] t AXFR [email protected]:~$ dig @10.1.1.3 example.org-t AXFR

; <<>> DiG 9.6.1-P2 <<>> @10.1.1.3 example.org -t AXFR ; (1 server found) ;; global options: +cmd example.org. 38400 IN SOA ns.example.org.example.org. admin.example.org.example.org. 2008090354 10800 3600 604800 86400 example.org. 38400 IN NS ns.example.org. smtp.example.org. 38400 IN CNAME

winserver.example.org. switch.example.org. 38400 IN A 10.1.1.2 linuxserv.example.org. 38400 IN A 10.1.1.67 vmware.example.org. 38400 IN A 10.1.1.25 winserver.example.org. 38400 IN A 10.1.1.26 winserver-ca.example.org. 38400 IN CNAME

winserver.example.org. wireless.example.org. 38400 IN A 10.1.1.14 example.org. 38400 IN SOA ns.example.org.example.org. admin.example.org.example.org. 2008090354 10800 3600 604800 86400 ;; Query time: 18 msec ;; SERVER: 10.1.1.3#53(10.1.1.3) ;; WHEN: Tue Jan 26 10:55:54 2010 ;; XFR size: 33 records (messages 1, bytes 840)

CPSC6128- Network Security 2 Brute Force Forward DNS Many scripts and tools to do this (example: dns-map).

Relies on the method of taking a database of common host names and performing forward lookup. bt-netbook:/pentest/enumeration/dns/dnsmap# ./dnsmap example.org dnsmap 0.22.2 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for obrienhome.org using built-in wordlist firewall.example.org IP address #1: 10.10.10.1 ftp.example.org IP address #1: 10.10.10.3 ns.example.org IP address #1: 10.10.10.3 smtp.example.org IP address #1: 10.10.10.10 vpn.example.org IP address #1: 10.10.10.1 CPSC6128- Network Security

3 Split DNS External DNS has info on DMZ servers. Internal DNS has info on internal servers. Prevents leakage of internal DNS information CPSC6128- Network Security 3 Finding Open Ports CPSC6128- Network Security 3

War Dialing War dialers dial a sequence of phone numbers searching for modems or open PBXs Modems are still prevalent for remote management of network equipment and infrastructure Often they are left unprotected CPSC6128- Network Security 3 Port Scanning Port scanners send TCP and UDP packets to various ports to determine if a process is active TCP 80 (web server) TCP 23 (telnet server) UDP 53 (DNS server)

TCP scanning based on 3 way handshake CPSC6128- Network Security 3 TCP Control Bits SYN Synchronize ACK Acknowledgement FIN End a connection RESET Tear down a connection

URG Urgent data is included PUSH Data should be pushed through the TCP stack CPSC6128- Network Security 3 HPING Runs on all Unix-like systems. Also windows version. Completely scriptable using TCL. Can be used to write scripts implementing low level packet manipulation very quickly. Example: hping3 -I en1 -S 10.1.1.1 -p 443 sends packet to port 443 with SYN flag Hping3 l en1 S 10.1.1.1 -p ++79

sends packet with SYN flag. Increments by 1 starting at 79 CPSC6128- Network Security 3 HPING Switches (selected see - - help) -F -S -R -P

-A -U --fin --syn --rst --push --ack urg -s -p -k -w -O -Q -b -M

-L --baseport destport --keep --win tcpoff --seqnum badcksum --setseq --setack CPSC6128- Network Security 3 HPING (?) Can also craft the payload of packets.

Useful for testing IPS/IDS systems. # cat /root/signature.sig ""BUFFER OVERFLOW # hping -2 -p 7 10.1.1.1 -d 50 -E /root/signature.sig HPING 192.168.10.33 (eth0 192.168.10.33): udp mode set, 28 headers + 50 data bytes len=78 ip=192.168.10.33 seq=0 ttl=128 id=24842 rtt=4.9 ms len=78 ip=192.168.10.33 seq=1 ttl=128 id=24844 rtt=1.6 ms len=78 ip=192.168.10.33 seq=2 ttl=128 id=24846 rtt=1.0 ms --- 192.168.10.33 hping statistic --3 packets tramitted, 3 packets received, 0% packet loss round-trip min/avg/max = 1.0/2.5/4.9 ms CPSC6128- Network Security 3 NMAP Very popular port scanning tool Written by Fodor. http://insecure.org/nmap Runs on Unix or Windows

GUI available (nmapfe) CPSC6128- Network Security 4 NMAP Scan Types TCP Connect scan This type of scan is the most reliable, although it is also the most detectable. It is easily logged and detected because a full connection is established. Open ports reply with a SYN/ACK, whereas closed ports respond with an RST/ACK. TCP SYN scan This type of scan is known as half open because a full TCP three-way connection is not established.

This type of scan was originally developed to be stealthy and evade IDS systems although most now detect it. Open ports reply with a SYN/ACK, whereas closed ports respond with a RST/ACK. TCP FIN scan This type of scan sends a FIN packet to the target port. Closed ports should send back an RST. This technique is usually effective only on UNIX devices. TCP NULL scan a NULL scan sends a packet with no flags set. If the OS has implemented TCP per RFC 793, closed ports will return an RST. TCP ACK scan

This scan attempts to determine access control list (ACL) rule sets or identify if stateless inspection is being used. If an ICMP destination unreachable, communication administrative prohibited message is returned, the port is considered to be filtered. CPSC6128- Network Security 4 NMAP Scan Types (cont) TCP XMAS port scan that has toggled on the FIN, URG, and PSH flags. Closed ports should return an RST. FTP Proxy bounce attack scans bounce an attack off a poorly configured FTP server Version Scanning tries to determine the version number of the program listening on the port

Fragmented Scans can get around some router ACL packet filters that do not examine the port number in fragmented packets. TCP Sequence Prediction useful in spoofing attacks CPSC6128- Network Security 4 TCP SYN Scan Client Client Client SYN Server SYN/ACKServer RST Server

The server is ready but the client never completes the handshake. Somewhat stealthy since session handshake is not completed which keeps it out of some log files Closed Open Filtered CPSC6128- Network Security 4 NMAP ACK Scanning Some firewalls may allow for outgoing SYN connections and their incoming responses with the

ACK bit set. Stateful firewalls maintain the state of the SYN and ACK packets and will only allow an ACK inbound if there is an outstanding SYN packet. Can be useful for network mapping CPSC6128- Network Security 4 NMAP FTP Bounce Scan RFC 959 defines a feature in FTP which allows for FTP proxy connections. Essentially I can connect to a FTP and request the server to send a file to a client. This should be disabled on properly configured FTP servers. Can be used on misconfigured FTP server to bounce a scan off the server thereby hiding the attackers location. Use port command to try and list directory.

If target is listening on the port, it will respond with a 150 or 226 response If the port is not listening or closed , it will respond with 425 Can't build data connection: Connection refused. Useful to get around firewalls if firewall allows connection to FTP server. CPSC6128- Network Security 4 FTP Bounce Scan

CPSC6128- Network Security 4 IDLE Scan (Hide the Scan Source) Normal port scans send TCP SYN packets to the target and wait for a SYN-ACK The problem with this is that the attacker is easily identified How to hide Scan Source Spoofing IP address (Solution 1) If the attacker Spoofs their source IP address then the attacker cannot receive the results of the scan. Using the IP Identification Field of the IP Header (Solution 2)

Normally used to group fragments of IP packets together Most OSs increment the IP Identification field by one for each packet sent CPSC6128- Network Security 4 Hide Scan Source Attacker first picks the machine which will be framed for the attack. Attacker sends a SYN packet to the framed machine Attacker gets back a SYN-ACK which will include the IP header with IP ID value of X which is remembered by the attacker. Next step is the attacker selects the port to be scanned and sends a spoofed SYN packet to the target with the framed machines IP. If listening the target will send a SYN-ACK back to the framed machine

When the framed machine receives a SYN-ACK from the target which was never requested it will send a RESET. The IP ID field on the framed machine will be X+1 Attacker now measures the IP ID field on the framed machine. Sends SYN. If gets IP ID value of X+2 then port is open. If IP ID is X+1 then it is closed CPSC6128- Network Security 6 IDLE Scan (cont) CPSC6128- Network Security 6 Useful NMAP Command with OS Fingerprinting nmap -sV -O -sC --top-ports 100 -T4 -oA [file] [address]

nmap -sV -O -sC --top-ports 100 -T4 -oA out.txt 10.1.1.0/24 -sV -Probe open ports to determine service-/version info -O -Enable OS detection -sC -Enable Script scanning --top-ports -Only scan popular ports -T4 -Sets template for fast scans (0 slow 5 fast) -oA -Output file CPSC6128- Network Security 6 Firewalk

Network scanning tool attempts to determine which layer3/4 ACLs are present on filtering routers and firewalls. Sends out TCP and UDP packets with a TTL on greater than the targeted firewall If the firewall allows the traffic it will forward to the internal host or next hop where it will expire and return an ICMP_TIME_EXCEEDED message. If the firewall drops the traffic

no response will be received. firewalk -p [protocol] -d [destination_port] -s [source_port] [internal_IP] [gateway_IP] [email protected]>firewalk -n -p tcp -s 80 -d 80 192.168.0.1 192.168.1.1 Firewalk 5.0 [gateway ACL scanner] Firewalk state initialization completed successfully. TCP-based scan. Ramping phase source port: 80, destination port: 80 Hotfoot through 192.168.0.1 using 192.168.1.1 as a metric. Ramping Phase: expired [192.168.0.1] Binding host reached. Scan bound at 2 hops.

Scanning Phase: A! A! A! A! A! open open open open open (port (port (port (port (port

not listen) [192.168.1.1] not listen) [192.168.1.1] not listen) [192.168.1.1] not listen) [192.168.1.1] listen) [192.168.1.1] CPSC6128- Network Security 6 httprint Web Server Fingerprinting CPSC6128- Network Security 4 Map the Network

At the point you should have enough information to map our the network. This is a critically important part as during a penetration test it would be referred to frequently. Cheops-NG is a network management tool but can assist in mapping out the topology of the network. It is very noisy so would not be appropriate for covert mapping CPSC6128- Network Security 6 Staying Anonymous Proxy Servers Works at the application layer For web proxies the proxy server terminates the http request on the server and then re-originates it. Used in organizations for outbound web access in order to restrict and monitor web surfing.

Can also be used to anonymize connections CPSC6128- Network Security 6 Anonymizing Proxies Thousands of free proxy servers are available. Be careful some are run by blackhats and can be used to steal your traffic. Can chain proxies together to make traceback more difficult. CPSC6128- Network Security

6 TOR Tor is a network of virtual tunnels connected together and works like a big chained proxy Tor uses random set of servers every time a user visits a site CPSC6128- Network Security 6 TOR (cont) CPSC6128- Network Security 7 But it Also Has its Own Underground

Websites only accessible from within the TOR network .onion URL Example: http://gjrg9qghh.onion Source of website is anonymized CPSC6128- Network Security Summary At this point we have performed complete reconnaisance on the target network and should have good understand of what is running in the network and how it is designed. Next step is scanning for vulnerabilities which we will cover in the next lecture CPSC6128- Network Security 7

Recently Viewed Presentations

  • WRITING ACROSS THE CURRICULUM Do Now Take an

    WRITING ACROSS THE CURRICULUM Do Now Take an

    Provides writing assignment options for all different types of learners. Allows students to choose from many different types of writing such as casual, semi-formal, and formal pieces. ... Sermons. Skits. Speeches. Test questions. Wanted posters. Word puzzles.
  • Microsoft® Office Outlook® 2003 Training

    Microsoft® Office Outlook® 2003 Training

    Arial Tahoma Training presentation- Outlook 2003—See and share multiple calendars Adobe Photoshop Image IBEW Intranet/Internet (INTRA) versus (INTER) net VPN Intranet Connection VPN-less Portal Login Portal Home Page Demo: Logging in through the Public Internet Vacation Scheduler Printing District Vacation...
  • Chapter 12

    Chapter 12

    Chapter 12 Modern Theatre Western Influence on World Theatre Spoken Drama in India China Japan The Arab World Pre-colonial Africa The Advent of Realism Antecedents William Fox Talbot (1800-1877) Invented the photographic negative around 1840 Thomas Edison Invented the incandescent...
  • The Nature and Function of Factor Markets

    The Nature and Function of Factor Markets

    Every factor of production that is sold in the factor market is paid its equilibrium value of the marginal product (a.k.a. MRP) or the additional value of employing the last unit of that factor. Example: All workers are paid the...
  • IA Modifications to eJMAPS

    IA Modifications to eJMAPS

    Prepares passes for SASI/ASI signature. Maintains discipline within the classroom. Answers classroom phone; takes required action. Assists Flight Commander with inspection. Leads Flight during drill practice. Collects textbooks at the end of class on Wednesday (7th Pd) Discusses issues/concerns with...
  • THE ASK: INVITATION TO ENGAGEMENT April 10, 2018

    THE ASK: INVITATION TO ENGAGEMENT April 10, 2018

    Unconscious Bias, Devaluation and How to Offset as the Asker. Lunch. Benefits and Facilitators Around the Invitation to Relationship. Break. The Ask: Call to Action. What Doing the Work Requires. Wrap Up "The Vision" Our purpose is to increase social...
  • Object Oriented development Risks

    Object Oriented development Risks

    Executive Level Briefing SAS meeting July 2004 Outline Problem Approach Importance/benefits Relevance to NASA Accomplishments Next steps Problem Statement NASA has considerable experience applying IV&V to traditional function-based software systems Emerging use of OO brings unique challenges and risks There...
  • HISTORY JEOPARDY - Weebly

    HISTORY JEOPARDY - Weebly

    JEOPARDY The American Revolution Random Stuff Declaration of Independence Conflicts Patriots and Loyalists Leaders 100 100 100 100 100 200 200 200 200 200 300 300 300 300 300 400 400 400 400 400 500 500 500 500 500 (Sorta...