Return to authgw-slides.pdf CVS log

Up to [local] / www / papers

Add 2 more pdf's.

%PDF-1.3
%����
2 0 obj
<<
/Length 1017
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 209.182 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(Dealing with Public Ethernet Jacks:)Tj
-1.111 -1 TD
(Switches, Gateways, and Authentication)Tj
7.0805 -6 TD
(Bob Beck)Tj
-3.872 -1 TD
(beck@bofh.ucs.ualberta.ca)Tj
1.164 -1 TD
(University of Alberta)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 1)Tj
ET
endstream
endobj
3 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
11 0 obj
<<
/Length 2073
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 207.561 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(The Problem: Public Ethernet Jacks.)Tj
-3.8391 -2 TD
[(�)-469.6(Public access points to our campus network,)]TJ
1.0756 -1 TD
[(Insecure PC \(W)37(indows and Macintosh\) labs as well)]TJ
T*
(as public Ethernet jacks for laptops)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
227.22 168.05 m
230.394 168.05 232.97 165.474 232.97 162.3 c
232.97 159.126 230.394 156.55 227.22 156.55 c
224.046 156.55 221.47 159.126 221.47 162.3 c
221.47 165.474 224.046 168.05 227.22 168.05 c
s
BT
0 23 -23 0 233 180 Tm
[(People of)18(f)-250(the street walk in, then use/abuse.)]TJ
ET
250.26 168.05 m
253.434 168.05 256.01 165.474 256.01 162.3 c
256.01 159.126 253.434 156.55 250.26 156.55 c
247.086 156.55 244.51 159.126 244.51 162.3 c
244.51 165.474 247.086 168.05 250.26 168.05 c
s
BT
0 23 -23 0 256 180 Tm
(Students may use the labs to cause mischief on)Tj
T*
[(or of)18(f)-250(campus.)]TJ
-2.6408 -2 TD
[(�)-469.6(I)0(n)-250(the past, to prevent abuse labs weren�)18(t)-250(routed)]TJ
1.0756 -1 TD
[(of)18(f)-250(our campus. \(Internet use by proxy only\). Still a)]TJ
T*
(source of attacks on campus.)Tj
-1.0756 -2 TD
[(�)-469.6(More and more demand for mobile plug-in type)]TJ
1.0756 -1 TD
[(access, and other protocols we didn�)18(t)-250(want to proxy)92(.)]TJ
T*
[(W)74(e)74( )-74(needed a better solution.)]TJ
ET
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 2)Tj
ET
endstream
endobj
12 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
14 0 obj
<<
/Length 1630
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 290.073 Tm
0 g
/GS1 gs
0 Tc
0 Tw
[(What Did W)74(e)-250(W)74(ant?)]TJ
-7.9162 -2 TD
(The same level of control we have with our student)Tj
0 -1 TD
(access UNIX systems.)Tj
0.4897 -2 TD
[(�)-469.6(W)74(e)-250(already make use of Kerberos \(we have about)]TJ
1.0756 -1 TD
(50,000 User IDs\).)Tj
-1.0756 -1 TD
[(�)-469.6(Needed a solution to work both with public plug-)]TJ
1.0756 -1 TD
[(in access and labs of insecure PC�)55(s)-250(\(win95, win98,)]TJ
T*
(Mac\).)Tj
-1.0756 -1 TD
[(�)-469.6(W)74(anted something to integrate with the Kerberos)]TJ
1.0756 -1 TD
[(IDs we already give out to all students and staf)18(f.)]TJ
-1.0756 -1 TD
[(�)-469.6(Must prevent unauthorized net usage)]TJ
T*
[(�)-469.6(Must ensure authorized usage can be easily)]TJ
1.0756 -1 TD
(tracked.)Tj
-1.0756 -1 TD
[(�)-469.6(Must be relatively secure and attack resistant.)]TJ
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 3)Tj
ET
endstream
endobj
15 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
17 0 obj
<<
/Length 1223
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 287.601 Tm
0 g
/GS1 gs
0 Tc
0 Tw
[(What W)74(e)-250(Looked At.)]TJ
-7.3191 -2 TD
[(�)-469.6(W)37(indows NT)]TJ
T*
[(�)-469.6(Nontransparent Proxies \(FWTK etc.\))]TJ
T*
[(�)-469.6(Commercial )]TJ
/TT7 1 Tf
6.8812 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(rewall products)Tj
-7.492 -2 TD
[(�)-469.6(DHCP registration systems)]TJ
1.5756 -3 TD
[(W)74(e)74( )-74(found nothing that did what we wanted at a)]TJ
-0.5 -1 TD
[(price we could af)18(ford.)]TJ
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 4)Tj
ET
endstream
endobj
18 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
21 0 obj
<<
/Length 1793
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 322.434 Tm
0 g
/GS1 gs
0 Tc
0 Tw
[(What W)74(e)-250(Did.)]TJ
-8.8336 -2 TD
[(�)-469.6(A)0(n)-250(authenticating gateway)92(,)-250(which when placed in)]TJ
1.0756 -1 TD
(front of a lab forces the user to authenticate before)Tj
T*
(allowing access from their IP address.)Tj
-1.0756 -2 TD
[(�)-469.6(Once authenticated, everything is allowed,)]TJ
1.0756 -1 TD
[(\(although much is logged\).)-500(T)111(o)111( )-111(do)-250(this we wrote)]TJ
T*
(some custom software for our gateways.)Tj
-1.0756 -2 TD
[(�)-469.6(W)74(e)-250(ensure our gateways are con)]TJ
/TT7 1 Tf
15.5845 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(gured to avoid)Tj
-15.1198 -1 TD
(problems with IP spoo)Tj
/TT7 1 Tf
10.3599 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ng.)Tj
-12.0463 -2 TD
[(�)-469.6(W)74(e)-250(use only switched networks with the switches)]TJ
1.0756 -1 TD
(con)Tj
/TT7 1 Tf
1.6108 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(gured appropriately to prevent snif)Tj
/TT7 1 Tf
16.0372 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ng and)Tj
-18.8697 -1 TD
(hijacking.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 5)Tj
ET
endstream
endobj
22 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
24 0 obj
<<
/Length 1993
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 322.549 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(The Switches.)Tj
-8.8386 -2 TD
[(�)-469.6(Our system authenticates a used based on their)]TJ
1.0756 -1 TD
(source IP address.)Tj
-1.0756 -2 TD
[(�)-469.6(T)111(o)-250(d)0(o)-250(this in a reasonable manner)55(,)-250(w)0(e)-250(needed a)]TJ
1.0756 -1 TD
(network which was not vulnerable to spoo)Tj
/TT7 1 Tf
19.4414 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ng or)Tj
-20.0522 -1 TD
(hijacking attempts.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
296.22 168.05 m
299.394 168.05 301.97 165.474 301.97 162.3 c
301.97 159.126 299.394 156.55 296.22 156.55 c
293.046 156.55 290.47 159.126 290.47 162.3 c
290.47 165.474 293.046 168.05 296.22 168.05 c
s
BT
0 23 -23 0 302 180 Tm
(MAC-lock switches where possible.)Tj
ET
319.26 168.05 m
322.434 168.05 325.01 165.474 325.01 162.3 c
325.01 159.126 322.434 156.55 319.26 156.55 c
316.086 156.55 313.51 159.126 313.51 162.3 c
313.51 165.474 316.086 168.05 319.26 168.05 c
s
BT
0 23 -23 0 325 180 Tm
(Where not possible, ensure they do not)Tj
T*
(broadcast unknown traf)Tj
/TT7 1 Tf
10.9244 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(c)Tj
-14.176 -2 TD
[(�)-469.6(Ensure nothing in the lab can talk to the switch.)]TJ
T*
[(�)-469.6(Goal: ensure nobody can see anyone else�)55(s)-250(session)]TJ
ET
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 6)Tj
ET
endstream
endobj
25 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
27 0 obj
<<
/Length 1738
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 320.939 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(The Gateways)Tj
-8.7686 -2 TD
[(�)-469.6(Our gateways are built using OpenBSD \(version)]TJ
1.0756 -1 TD
(2.5\).)Tj
-1.0756 -2 TD
[(�)-469.6(The gateways by default blocks all outgoing traf)]TJ
/TT7 1 Tf
23.1396 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(c)Tj
-22.6748 -1 TD
(from the labs using packet )Tj
/TT7 1 Tf
12.3584 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(lters \(ipf\).)Tj
-14.0448 -2 TD
[(�)-469.6(Our gateways allow a user to connect and)]TJ
1.0756 -1 TD
(authenticate using their Kerberos ID and)Tj
T*
(password.)Tj
-1.0756 -2 TD
[(�)-469.6(O)0(n)-250(successful authentication the gateway adds)]TJ
1.0756 -1 TD
(rules to allow out all traf)Tj
/TT7 1 Tf
11.2305 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(c \(and log some of it\).)Tj
-12.9169 -2 TD
[(�)-469.6(A)0(s)-250(soon as the authenticating session disconnects,)]TJ
1.0756 -1 TD
(the )Tj
/TT7 1 Tf
1.6938 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(lter rules added above are removed.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 7)Tj
ET
endstream
endobj
28 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
30 0 obj
<<
/Length 1550
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 194.761 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(authipf - Our Program For Filter Rules)Tj
-3.2826 -2 TD
[(�)-469.6(Users connect to gateway with telnet \(Why telnet?)]TJ
1.0756 -1 TD
(because they all have it and can use it!\))Tj
-1.0756 -2 TD
[(�)-469.6(User authenticates with login, login runs authipf, a)]TJ
1.0756 -1 TD
(program which adds )Tj
/TT7 1 Tf
9.6377 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(lter rules when started,)Tj
-10.2485 -1 TD
(removes when done.)Tj
-1.0756 -2 TD
[(�)-469.6(TCP KEEP)74(ALIVE values tuned to ensure that)]TJ
1.0756 -1 TD
(unresponsive sessions go away in under a minute.)Tj
-1.0756 -2 TD
[(�)-469.6(authipf logs to syslog when users authenticate, and)]TJ
1.0756 -1 TD
[(when they disconnect.)-500(It also puts in rules to log)]TJ
T*
(tcp sessions.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 8)Tj
ET
endstream
endobj
31 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
33 0 obj
<<
/Length 2201
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 218.095 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(Security and Con)Tj
/TT7 1 Tf
7.8877 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(guration Issues)Tj
-12.7956 -2 TD
[(�)-469.6(T)111(o)-250(reiterate, switches must be con)]TJ
/TT7 1 Tf
16.405 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(gured properly)Tj
-15.9402 -1 TD
(to avoid traf)Tj
/TT7 1 Tf
5.5386 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(c snooping and hijacking)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
181.26 168.05 m
184.434 168.05 187.01 165.474 187.01 162.3 c
187.01 159.126 184.434 156.55 181.26 156.55 c
178.086 156.55 175.51 159.126 175.51 162.3 c
175.51 165.474 178.086 168.05 181.26 168.05 c
s
BT
0 23 -23 0 187 180 Tm
[(MAC lock each port or)55(..)]TJ
ET
204.24 168.05 m
207.414 168.05 209.99 165.474 209.99 162.3 c
209.99 159.126 207.414 156.55 204.24 156.55 c
201.066 156.55 198.49 159.126 198.49 162.3 c
198.49 165.474 201.066 168.05 204.24 168.05 c
s
BT
0 23 -23 0 210 180 Tm
[(T)129(urn of)18(f)-250(unknown unicast )]TJ
/TT7 1 Tf
12.1841 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ooding.)Tj
-15.4357 -2 TD
[(�)-469.6(W)74(e)-250(periodically review switch con)]TJ
/TT7 1 Tf
16.7203 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(gs to ensure we)Tj
-16.2555 -1 TD
[(haven�)18(t)-250(made mistakes)]TJ
-1.0756 -2 TD
[(�)-469.6(Our switches deal with traf)]TJ
/TT7 1 Tf
13.497 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(c at the MAC level, yet)Tj
-13.0322 -1 TD
(we authenticate based on IP address - this means)Tj
T*
(that there is a potential problem..)Tj
ET
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 712.8 Tm
(Page 9)Tj
ET
endstream
endobj
34 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
36 0 obj
<<
/Length 1792
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 336.257 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(IP spoo)Tj
/TT7 1 Tf
3.417 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ng)Tj
-13.4624 -2 TD
[(�)-469.6(A)0(n)-250(attacker can fake a ARP reply)92(,)-250(o)0(r)-250(just try to use)]TJ
1.0756 -1 TD
(an IP address from the lab to get an IP address that)Tj
T*
(is in use in the lab and already authenticated.)Tj
-1.0756 -2 TD
[(�)-469.6(W)74(e)-250(react to this possibility by having the gateway)]TJ
1.0756 -1 TD
(watch for the occurence of such events. ARP)Tj
T*
(changes are logged by OpenBSD.)Tj
-1.0756 -2 TD
[(�)-469.6(When we see an ARP table change, we use swatch)]TJ
1.0756 -1 TD
(to ensure that if there is a running authipf process)Tj
T*
(for that address, it gets killed.)Tj
-1.0756 -2 TD
[(�)-469.6(This ensures that if an IP address is taken over)55(,)-250(i)0(t)-250(i)0(s)]TJ
1.0756 -1 TD
(no longer authenticated, and must reauthenticate)Tj
-1.0756 -2 TD
[(�)-469.6(W)74(e)-250(also get noti)]TJ
/TT7 1 Tf
8.3067 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(ed when this happens.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 10)Tj
ET
endstream
endobj
37 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
39 0 obj
<<
/Length 2247
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 329.898 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(Other Issues)Tj
-9.1581 -2 TD
[(�)-469.6(Students can walk away)92(.)]TJ
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
158.22 168.05 m
161.394 168.05 163.97 165.474 163.97 162.3 c
163.97 159.126 161.394 156.55 158.22 156.55 c
155.046 156.55 152.47 159.126 152.47 162.3 c
152.47 165.474 155.046 168.05 158.22 168.05 c
s
BT
0 23 -23 0 164 180 Tm
[(W)74(e)74( )-74(deal with this in our traditional way of)]TJ
0 -1 TD
(dealing with the "Oh gee, you left yourself)Tj
T*
(logged on" cases.)Tj
-2.6408 -2 TD
[(�)-469.6(Users must know how to telnet to the gateway and)]TJ
1.0756 -1 TD
[(authenticate. )-250(W)74(e)-250(put big posters everywhere, and)]TJ
T*
(icons on the desktops in the labs of machines.)Tj
-1.0756 -2 TD
[(�)-469.6(This does not address the \(in\)security of the client)]TJ
1.0756 -1 TD
(machines due to what is running on them.)Tj
ET
388.26 168.05 m
391.434 168.05 394.01 165.474 394.01 162.3 c
394.01 159.126 391.434 156.55 388.26 156.55 c
385.086 156.55 382.51 159.126 382.51 162.3 c
382.51 165.474 385.086 168.05 388.26 168.05 c
s
BT
0 23 -23 0 394 180 Tm
(The laptop is the users problem.)Tj
ET
411.24 168.05 m
414.414 168.05 416.99 165.474 416.99 162.3 c
416.99 159.126 414.414 156.55 411.24 156.55 c
408.066 156.55 405.49 159.126 405.49 162.3 c
405.49 165.474 408.066 168.05 411.24 168.05 c
s
BT
0 23 -23 0 417 180 Tm
(Labs of machines reload an image regularly on)Tj
T*
(boot to minimize trojan/virus exposure \(and)Tj
T*
(warn users in big letters\))Tj
ET
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 11)Tj
ET
endstream
endobj
40 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
44 0 obj
<<
/Length 1548
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 308.703 Tm
0 g
/GS1 gs
0 Tc
0 Tw
[(Other Nice Stuf)18(f)]TJ
-8.2366 -2 TD
[(�)-469.6(Gateway intercepts IDENT \(rfc 1413\) requests)]TJ
1.0756 -1 TD
[(aimed at inside hosts.)-500(answers them with the)]TJ
T*
[(authenticated user)55(.)]TJ
-1.0756 -2 TD
[(�)-469.6(W)74(e)-250(intercept and proxy IMAP and SMTP outbound)]TJ
1.0756 -1 TD
(to our main central servers which use the same id)Tj
T*
(and passwords. These proxies then substitute in)Tj
T*
(the username/password for those connections with)Tj
T*
(the one used to authenticate.)Tj
-1.0756 -2 TD
[(�)-469.6(W)74(e)-250(don�)18(t)-250(regularly proxy http on the gateways, but)]TJ
1.0756 -1 TD
(have the capability to do it when tracking)Tj
T*
(problems \(at our site we watch http requests)Tj
T*
(elsewhere\))Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 12)Tj
ET
endstream
endobj
45 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
47 0 obj
<<
/Length 1891
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 293.374 Tm
0 g
/GS1 gs
0 Tc
0 Tw
[(W)74(ell, Does it work?)]TJ
-7.5701 -2 TD
[(�)-469.6(Deployed in front of student residences and over)]TJ
1.0756 -1 TD
(30 labs and laptop areas at University of Alberta.)Tj
T*
(More all the time.)Tj
-1.0756 -1 TD
[(�)-469.6(Students rapidly became used to how it works.)]TJ
1.0756 -1 TD
[(very little user training necessary)92(.)]TJ
-1.0756 -1 TD
[(�)-469.6(Other on campus departments now less fearful of)]TJ
1.0756 -1 TD
(connections from public labs \(some used to block)Tj
T*
(them entirely!\))Tj
-1.0756 -1 TD
[(�)-469.6(N)0(o)-250(more of)18(f-street people showing up to abuse)]TJ
1.0756 -1 TD
[(labs \(It�)55(s)-250(not interesting if they have no Internet)]TJ
T*
(connection\). Places without this installed are now)Tj
T*
(requesting it.)Tj
-1.0756 -1 TD
[(�)-469.6(T)55(ime to identify the user responsible for harrasing)]TJ
1.0756 -1 TD
(e-mail from these locations via hotmail is down to)Tj
T*
[(about 60 seconds. \(other stuf)18(f)-250(quick to )]TJ
/TT7 1 Tf
17.5889 0 TD
(�)Tj
/TT2 1 Tf
0.6108 0 TD
(nd too\))Tj
-18.1998 -1 TD
(This saves *lots* of work.)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 13)Tj
ET
endstream
endobj
48 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
/TT7 19 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
50 0 obj
<<
/Length 1070
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 95 235.034 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(Possible Future Enhancements)Tj
-5.0336 -2 TD
[(�)-469.6(ssh)]TJ
T*
[(�)-469.6(netbios)]TJ
T*
[(�)-469.6(More proxies)]TJ
T*
[(�)-469.6(Support for more/dif)18(ferent authentication)]TJ
1.0756 -1 TD
[(mechanisms \(YP)129(,)-250(LDAP)129(,)-250(etc.\))]TJ
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 14)Tj
ET
endstream
endobj
51 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
53 0 obj
<<
/Length 1169
>>
stream
BT
/TT2 1 Tf
0 23 -23 0 118 209.182 Tm
0 g
/GS1 gs
0 Tc
0 Tw
(Dealing with Public Ethernet Jacks:)Tj
-1.111 -1 TD
(Switches, Gateways, and Authentication)Tj
-2.7986 -4 TD
[(�)-469.6(ftp://sunsite.ualberta.ca/pub/Local/People/beck/authipf)]TJ
0 -2 TD
[(�)-469.6(http://www)92(.ualberta.ca/�beck/lisa99.ps)]TJ
9.8791 -3 TD
(Bob Beck)Tj
-3.872 -1 TD
(beck@bofh.ucs.ualberta.ca)Tj
1.164 -1 TD
(University of Alberta)Tj
ET
0 G
1 J 1 j 0.012 w 10 M []0 d
1 i 
108.03 72.03 m
504.03 72.03 l
504.001 72.012 m
523.873 72.012 540.001 88.14 540.001 108.012 c
540.03 108.03 m
540.03 273.63 l
540.03 233.91 l
540.03 558.15 m
540.03 634.95 l
540.001 684.011 m
540.001 703.883 523.873 720.011 504.001 720.011 c
504.03 720.03 m
108.03 720.03 l
108.001 720.011 m
88.129 720.011 72.001 703.883 72.001 684.011 c
72.03 684.03 m
72.03 108.03 l
72.001 108.011 m
72.001 88.139 88.129 72.011 108.001 72.011 c
S
BT
/TT4 1 Tf
0 9 -9 0 543.001 236.138 Tm
(Bob Beck)Tj
/TT3 1 Tf
3.9717 0 TD
<00ef>Tj
/TT4 1 Tf
0.564 0 TD
[( Dealing with Public Ethernet Jacks: Switches, Gate)25(w)10(ays, and Authentication)-9030.5(No)15(v)-250(5)0(,)-250(1999)]TJ
/TT6 1 Tf
0 14 -14 0 588 704.4 Tm
(Page 15)Tj
ET
endstream
endobj
54 0 obj
<<
/ProcSet [/PDF /Text ]
/Font <<
/TT2 4 0 R
/TT3 5 0 R
/TT4 6 0 R
/TT6 7 0 R
>>
/ExtGState <<
/GS1 8 0 R
>>
>>
endobj
8 0 obj
<<
/Type /ExtGState
/SA false
/SM 0.02
/OP false
/op false
/OPM 1
/BG2 /Default
/UCR2 /Default
/HT /Default
/TR2 /Default
>>
endobj
55 0 obj
<<
/Type /FontDescriptor
/Ascent 750
/CapHeight 662
/Descent -250
/Flags 6
/FontBBox [-168 -218 1000 898]
/FontName /BFGCPH+Times-Roman
/ItalicAngle 0
/StemV 84
/XHeight 450
/StemH 84
/FontFile2 56 0 R
>>
endobj
56 0 obj
<<
/Filter /FlateDecode
/Length 4835
/Length1 9352
>>
stream
H��V
lT��v�{w���l��05���6��3PC�Q��gs8p?1$dj@JI$�͏R���@HBKDEi�+�O[�R�B$i�{��ݙU�7�nfwfggfg�@�t`޲����Rљ�㪖�{>jT7��� �&����k`>`�Q�[S�����{8YS7?��?_l��" O�_��&�g��/��"ա�����M�8?‰��0��Z�/�_1m����\��Ǘ�ki�4���+.�
���*7-9ZQ�i�/si.��E�h��
�L���V׭�]���ns诵n��cJ�s�.��lw�	H]
��U�#ʃFX����1�!�2di�v���M�z��z�b��?i�4nV��Q#�}Ѐ��}Ð�l\�7��`f�$~�7�X4�Q"*��O|�|��s�J,�m)~
W���\>��a܅(B9�l��I���q��k_�l��y�o����HG}֢N��z���o��H���C1
�GQ,�z��<�Df��\�S�Y؄�~#���b��#v-f2�Z���l����Ż���n�m�m�%�~'va/~�2�)�5���,�Ԇ�]��_Ѿ��G�pEO2��5ΐ�p�l�/f�:�h�d��Cw���eֻ�4��/c���y��u�'}�?��a���)y[���)�r{�}�>n��'b�+�_F��z��F���n�;x�Y}���[$�T��,.�O%dw9��Nk��&�}�~�(6c�Ů�����3��^���gc8��{��LC¬�cN��x-��y\�%|���d��E��-V���IqV|.�L�}���(w�Nȳ򼖮eh�Z�6Wۦ��^ן3���g�ۮO�cU�ply���Q���n�i�`4>F��t�3�)����*��M���!����j�Q�el�m�ܿY�S�4V"W����q�
1^��Ib:�g�(!Q+��^�$�{�G3�E��3�h#]7H�KC�e�4e�e�Y�����@F��k�l��5h�Z�"Y�	��֦]Ѿ���z}���~V��_����5��\c�1ӕ�*t-w��:�~̽�}
Y㷘���*���俰F��=�-_��rO�A��R��o��.���<RG�:�W*��Ȍ�+��p}Dq>��J��n�*��]ZX�X+{yoo5�uX\3��DoG.��W\H�������g~��훙ѧwz��Ԕ���H�ԭk�Ν:z:�]��I�AA���k������q9jl�8�o���r��A�[�y��Ӳ�!K���R$yGbd� o��ZL�a1{J9�-
��k�t䉎��#w���q�7�	x-Q�
Z��#M��ݵ�Y��9�؄�z'��˜PC$�LY�t3�z�
G�eCak��`���W�3�c��y�����r��Kө��;g�?6u��M���W��МrKUX�R��}��j��U�}3l����SZ2�4T�T��lV�Qh3GeӼt+7T�[bCE<'�x�fP�T�z-�YbF�j+YsL-?��O��@����{�{9��A-ikF�X����9��K[�<���D'���_�˦ޫ�P;����r61k���.@SU
����r��Sٔ�C����$��t<(��gB�WV�(Q罎�>!��v!�<ر}�7ݭ��J'��F�ߨ�5q�Ox���2��5�]���*�T���>�%�9ߨ?�"گ�x2y�,���d�*QDT��h���&�JG�W�}�G#�-ht�E��4f�$����������Ԙ�������t�G�PD;��\��̠��
>�x�պ�w��fYh� h�DwrG?�QF�M>�<�<��*v�w2���&�:�,��GYa(�Qkh�a��{%j��}�Gn}�s�ֆ��E4*�Owb�L�>D�՞��_��?0X�w?�� .7��a$?��6�g�Bl��H�c�W��z%
�6f~G�,=�����ٌj�'�r���k��c�f��a����y�p��gr5��f���NT�0������CؾιN���lIy����-գ�j�}�
�p�W�ߢ���X�:B���aKT��ً��}�m��[K�`��"��G�V�Q�髫�#qWP�G�s_⌊\S������E�VO�|������omJGߪ�2U߲w&�U}�zĹ�?�w���s���3C�����M���G��x���Zk�wD���v�zV�z��C�N,m��Z�~�6޾��<!�<���>�Դ�>Mލ�b|����K�߼���9w���9���;�����q�s����{�����������ow�/y��4@���3KB^`�!6�ˏHcC��i?�R
-�P���b2�q�t���cD�h[�Jm-u*TGk[ۢ�S"M�9{�S��?;����s�����5j̗�\~N�_�wƮ�~�ϷYǦ�ž]��.�����K#���<�n���&�:%�`Osk�̯���׵e<�d����~2vwƔם;���$_�$� 
w�l�{+�(�9�}.�'�2U����.λpK�m5��s��)�o�UJX�֫��U��T�XP����T�Au���ն�qq��D������F{����iMǾ���"�{4���ά���y+�ͅV�]|#*��4�҈���U�0�#���Z�WxU�W|eck6^�|eizT�꒚�*��Xg�������	�R��-��)�c����r�D �c��1/x̭s��<���
,h�\�+�?V�%fQ�yo�����gS9}r̗s�X��?�\�c��1G�`�v(����?𔚟�����?,57��kK͇K��Rsa�9$��i����R��lK�D�#����P�qx�m�Ե�>+7o�S���<4OFÇ��j#x�
�hx5�� �v�*`��*���Qۋ՚���i��;p8�B>.��:P�'����Ob���NvdԿ�GD��Y�ij8䫡(
�/)�Ab��a��:���Ɣ�Z�n�i��iWZ7�cNTn��t4�{cڡ����&p�uѮ����Z�b�W��i��:��ORtx
Oh�����a=oo���s�^��f��c�fӜSs��r�`XK1Ⓖ2kʻ)V~�xk���u���*��4=�f�}�o�Z�,β��,k���51�w�&P��5&���|��Q�V.ޞ�5"<��M��Hk�#���9�����0�P�@w��������z/=I��ݩ���ĺ��ҋ�'!�L��ɜ�Q.o��t
�VLum��-w�*�(J��M��!��<��_Vdg��y��YU��]YUe����?���K��qu�L^g�+�Jֳ�UUe��b�r�>��xn���(���"s9xQ
�0���/��);��6��l��nA2��
6��Z��#��Vo(�����+Z٥ՕO.8��`�`�m�WRDp��"(��|����K�h:��Fs��yq^��2^\��՟�Nj�Ƌ�bq�c�?��&5��ջ7��I�vp�����V�ar�B��}�n9�
�]�h1�u�݃낑�������ۨ�zp��B�y�m��`�:P���-[�B������lk��ZB=�����
Q[!j�%��mѽ��gOn��b�ʚ���WMɷr������+����c�
M�dPJ3���01���)�ܐ��鐆�2�7����A0=��O7������@J��jP��ɀZ�E}
&��d�&xc�B�V�>��1������wbr�.xy�a����؏�
8�}>�χ0��O��E>�ɀ�1���B��p=gQ�
0�.&>�d�UL.��
���ӛp�SL.Հ�;חw��	�Y�h����z���
��YaZ�^&�W�q�?���/�K�Ѿ�☿�������8�3Og�s���a�C���<���&s9���0�=/Lu� LNo	S����p��T��0���0���\�>�1/����ga���09uS�K�4nW��}�\�1�"L1�*L1?�8c�g����?����0���(��̍\��0ս.Luo��Ma��/�\��0�����	��m�5��%�ˤ��C�F%cB���G2���)z�Kt��{��u�x���6Qt�$��W���2E'Nf2�0?Ĝ.s���[�qѩ�}E'�Ktj�nщ3D�{�':qѩ�
�g2O�{�b~�y��Ԗ%:�Gtj+[t�A���ý_\'�<�ce^̜#� >�yE<Bt��\щ�E�{�E'.��0����e^�<����3�y)���|�en`�(:��N<It7���%_C�nP���Tw���SE���D'�
����w��#ijD��/��Bt�w�>щ�̕܇9�˙�N}�_t�y�S�D'~�y6׭fnf~Pt�o�N\#:Ŝ/:q��s�����쳈y�C��O��ċ!�~�<��5�x��4VKE'n��j��ď���j��ۢ�6�N�\t�o͢�`���}%�j�U_ۉW�E���^�a~��s-�Z��N�y�������qщoȻF���ah��8���$ �<(�\&9���e׳�2��䈦������?�I.'��Z���t��ď��Tf��κ^8�v�ԛ�3SoBQ����똍*�e�
��kU����ј��gCq���N;�j�R�@/�thJs���ϿU�z�l�;�o�$gR�M������o��q*�&}�D?�ݸh�g'r�p�,g"*x�����Y��xP؉�A8
���S��TL�
�/�k���&�#�������0x0h3�0d2�2�23
�t�R�`���*]��| ;�
�I��
�c�W��P
,���;`m���q'P�b���S��m�2��|�m��4���o՟������0�
��C
endstream
endobj
57 0 obj
<<
/Type /FontDescriptor
/Ascent 822
/CapHeight 681
/Descent -277
/Flags 262178
/FontBBox [-152 -266 1000 924]
/FontName /Palatino-Bold
/ItalicAngle 0
/StemV 133
/XHeight 471
/StemH 122
>>
endobj
58 0 obj
<<
/Type /FontDescriptor
/Ascent 750
/CapHeight 662
/Descent -250
/Flags 34
/FontBBox [-168 -218 1000 898]
/FontName /BFGDJN+Times-Roman
/ItalicAngle 0
/StemV 84
/XHeight 450
/StemH 84
/FontFile2 59 0 R
>>
endobj
59 0 obj
<<
/Filter /FlateDecode
/Length 13321
/Length1 20024
>>
stream
H��Vl�=���.�ט���f���S�0,f��6J����`�
�! S%
�JhHAp#�_HBKDEi�+T -D��H�M����kTU������ϻ��;���?:��k���W���l�WDC5���ƞ��ɊE1��G��D9F���pm��{�<��L��U��|�w�>�����9���Z����yK��<u��k�56R
���]�i�#/�� ������O�?~�W
����ژ�*N�t��[P����
-9Z\�9"��F�w~(Zi�[�g1��,��ASG�S�zk���Y��>/2�r�?R�܂�c��XO�|��z>:���]�z e;��#T��G���8���1b�F	҉Tm���&q-^H=u�c���7(���a胞X���`.aR��+b8�
8����8���'F��-��(@o�)��/p�K���E�)|�:lĽ<�C#�ƒt��Q6�U�$^��q��m_����y�o���J�!�1�Q#rd̮�p���qIt���+b��������y4���&�yNf`^�6X���%����ǎ�՘��鷅՜��%:��)���`�<�D>
���n�RU�S���)����
�;�?���}'v͏<C�(�����5ΐ.��,�'���ZԋS�P뢻���5̲
�]@���k��f��������v�#L9R����Κ_�d,�W�����y#:��%�q�a1��'�w��G�3��K|+�"I�0�qQ\���哌vZ[��kt�;��p�.�V��=�~�>c�c�n�>�I�<c&a
�f��u��U�{hb���.�[�E�,
�L�T�!N���+)e���3��ur�<+�kiZ����j����.�m�e#l,4~f���^�������G�{���}�������b�a��0�7X��N���,1�C��}fuGq����9s߰���D1DÙ�(cD�� ��~f�R�b�X)֊��b7�h 5�#�8'�IW�
�WҐn�*M�G�e	i)$+dDΕQ����< d�m�V��H�vB;�5k���z�ӗ��g��U��]#��oL3��R]C\�\{\��Ϻ��/� {�.kz����U�+�h�g����,�M���v�M��@�_H~R.�-i
{��7�xaN$��±���4ǔbAM�R���U9��^>8[��;�E3��DGV�4~7���

���>�������2�{�H랚ҭ�]�;'u�ء}���6n��kR ;h�{�>���,.�Qk3č�C喗[E��X�r�������U�Y�[,�,E�w��d{����$`z��I��7�2�uӑ�;�fG�@�磃7�	x-Q�
ZE�"����5�ل�9�Bv��
laThE$�LY�43���
G�eCak��`���W��m�Q�lf�թo�]�yi:��g�d�U�cC�������r%��)��P�%����Z)f�JY�y�w�V)��!�%3�B��El͆�e�Z�6rU2�˰r]Y�%֕�$���RE�T;��^�c����r��K��ӂf(Pfab������"'�)u�P�Ҕ32g��C}�+[�/��z��cw�3���"�I��iy+�CL暯�T棾"�f|���kyF��'=E/��L2��w��2o�xt'��qe&݁�u>����l��;�7����w����z��Q����^��8�~D3]{��5��B̑{1���~��
h����urt�'W���H!FEDU:ھI�U1�mB�{��O�1&1@�_a�Z�P�Uk����ѕr�ҹ��B
�|��W�L��'�
>�&xȕ_�;2N�b� h�PwjGo�QB�Mޏ<�<��*wUw2�΢_=e�r&{㣬0��(�{�c��d����DO��5c�x
u��S�3�Pu�֤�W9��S�=�D~7�K�͇r{ɏ!�
���u#��OP��n�W��z�
�f4���D�F��q�l@%��P�v�w؍�m���������{2�,��L.��LT���*�ޗ1�8���q��d���)OW�؆��f�A�x.��'�����[�3��X��T>�a�껺{1=�׸�0u��i�����(cW+��X���p���?���wT�������
�.Zl��#nk�(����Y�[�S��[��5�jNԌ8�
�ϙ]֡���o˻3MV�������b	�[z��|U���5cjvZ��YU�������:�43&{�������	YՑ���sNO��y�GU�q�wn�q��͋ 
�g��l`y	�
�"l�aAb��T�4	�R
-�P��
�d
�"�7�cD�H[j�Z��:Z�Z���S���?���=������;�s��{nQ�hS�^�_s�[3�o\���x�����Q��Y����wy����s��=j�7�l~N���{c�m?��ۏl†�ž���.�����K#���<�n{{�h��5���*�k ��}�I�g���xv?�{c��ν{�q�7F�~��|&���
��q�^�LY�
����.λ�H�m5��s���)�o�UJX���V���_j�;XPȹ��T�A��$mq�-�Yi�fC�����)��z�����}}�$
vi�'Z��Y���a3�f�u�����FTQiD��ūJla.G��+j���
��
�ʃ�y���W��G��?�.�rUu8�:ݔl��|9�K���VX'�������3�d����<�27�̵.�z*���s�O�4�ZiN�4K*͇*�W���0U�?#�|-׌�{s�5���\sd.�����y�+d~2φ̟��
!su��^��	���!Y�,3��>��5eK
$"�bn݂�̓�<ViL]?����Y1�1�G�l4|�*��փۦ��ց[#�lW�B�+U!���z�X�%��)�����c	p�⨷���Z�4Qy%�h�dGF}۰xD4��U���C����r�`|��$�
Cw�!�h�;�T���-��#�O�u� fC�fALG�;��Z�{���Z<��{��u#��Nz�c�\a_�8E���m�߰�x�Y?�l�^�q�n/��f��#�F�RS��V��Z0�%qq~����� �5�����٪��4-�f����u�Y�m�z����sք�I�*��QkL���|{�|ӭ<�=�kDx�5�T��֬'�s����c���aΡ΁�lg������z/=I�u�n�q�����y�03�d��6�T�rY͚�5�Z1յ!�6=��$�$ݗV4%�CV'y^O������s"���#�	����"c�`T]Q�����2�j��QW�U����3�"�+�����,��&*��~�CYd6�
7J��&�q�q�88eDZ�Ƹ���[��u���<Z'��#��6w0��v����إ�^@.8��b�@���^IU��.L�p�l�����K.������Ş�����U��*.���� ^�;^��{���W?����ٹ�������_yn9~L���ru��)�`���/XHv^}d���@d���������v*���`xNG��>�������MM��ikcw[M�z���5Q[����T�Jm�� ���o��ނ�fNj��tٲږ���[Mɻr�����-��d?����ɠ�f@/�e`b2 �R09!��!
�eAo����	�` z���n@	&����L�R�Z�E}.&��y�x�
�Y���ț�ǘo�d�6Lvx
�Gގ�;�E�]Ў�x	�a/��`�y?��>�d�{?	�B�8&^�d�p=O�I��5�F�L��d����
�0��3L\���No�
�/0�U����<Q8�$8\b��ك�S<�	$�R��O�.��09���>�J��:�a��0�Y� ���0�|C�b�N���<���	�����-a�����;�\���T�O�T�����a���,�{^��^�����}�j���y��H���	Sݏ�ɩS��\�q�¼����z��wa��a���0��'�"��*L��&�k���9�Sܟ37r���T��0ս)LN��)���q���T��0��R���2�b�.a]&%�z5*bMt�$S	��D�E��N쐹GG[��'�.:�nE'N}�!:q/��*St�d�s
����2��Ͻ�g�N}�#:��S[}E'�����E���N���0�K6��E��,щ]�S[9�����:��s(�B�\Y��L�[������D'.���#:q��ԇ1�!�?�y1�8�2��x�%�E����>���<At�)�x��4n>щ'C|��
Y�Aѩ�щ��N�x:����rY#�3D����Rt�w�щ��U܇Y��̳E�><*:�ѩբ?�<���0�0Gt��N\+:Ŝ+:q��s�����쳀y)�㢓O���!��<Y${�b�i���N� :�Փ�?%:�]�(:��E�1l��Yt�o-�/e~��}�
���ۉW�E�RtگV1?�㹚y5�D���Ft��N����7e���?S�y�~2���e<��x"�?��	b�k������N�|HS���D�g�͉/�$�
���?�ᜦ����iΔ�̼�7����H�U\�z�J�����lT�7-'m8�s��cwn��n�%\�r(n��~uQ݂��<�;kS	���%8L-AO��4�����C9�z�1�e�9��r67T~w�������e()�Z������E��_��ȉ�����n��%�M.��|m6�|'w�Kb4p{��%W�")z@��R8�P,=Qgh�:�S��R�
��|�eZ�c;3�L��CI�Ge ���t��+�f���<��y�O��P�6c�Q�SU�a��Y�w�]�ƶy�O�p�{���ҵ��j��>ɱ�Rg|����,�UI��妖i�j�&'V�E'�4؋ars�xQq^�����kp��z�n�L�.�5Z8)&5�v�b���``�IL�
$�t�Q��o��T����Rn����������h���7ή�)Ľ�D�2�8c�5{N����dw[���}�'��;��f�����6I��:]pLxg��j��l/o��tH�W��$�5ԡ�������w���<�oD�̳���p��®�ʙ�K��p6�;��z�Nuջ*ޓ�F��(�+|}��M1C�)�^���=�e{6t�=k5�!lH�
�/��T���@g�M�hC�N���>9<��Ew��X��D��Z�b�c�"��'�\NJ	�����+�i^������_@C������C�{g���<��@eq*���^AdE1�-������C>1������y�5�Ȍ)��9r�Y7�uT�$\G�Q���{ԿFZ��F|��W����I|���_HpYV1"�0-bT�'lt�Bq38�}#�Vf3eG�f�i��
�L:w�z 㮺��:W�p��c,�j��[ՖeJBg�
DK�+P�8y耠ކ��*xa��+�g����a�
^�bI�*�EW�#�{^6ӆ-#k_9~m��
'��i~zںY�l����;S�ԏ�I�����9D�wx�7Dm�9��y�G?�s����%7�y�sY����Z0���U�9�U�|8��IO��q&��$�p� ��o/�+�:߸��:�d�xcb�w'N��^��n��e��vwk���)%b횚�vw�n�;%���Φ�C$���v�T�Y��E"�����R(ERt�P&e�l�+�~s�g�Bof7�6Z7rm�-�-�]d�ݺ��n���
�
E�Z�r�Ȳ��v#,�D��o�%�U��f~�r�X ��C?D�)�i<h2���A$n����n��BPh�G��~�b�dKB6��J�	�)�����&*���
A�/�
4�q@�e�s��]��(�MR�T�-�c���?����������#_���X���!�T%�G
4�:��9p+Ф�m���Es�>�ގ�f~Ro��;����W}����0�;g�����R��fU�����mv��'�{;�C�v�����"�:�sZ�&������'�o�G��_��ԗ諔9��U�f"vYre,a�-�����2�ڟ�;��� ���2Yp"K6����k�1<O�8t,DB�m����ar�3����gպ�*<��:��U_���qzH�P�%Ӳ��^U�jړ�G���QR��#$[��qU�,Dž)�y*�b���x�����I��
t)S%x,�������}s<'z+K�_7c�:<����W�����vc1>6��W��81��GM\F�]+���n�����g�|�׷^���W���>�w{��PyXsT�کu���[l��y�H7Y��:d��GZe�W�؜�YE���y�|�WÆ#��K�:t|jt_�z_��C����!��
t�eU6��I����e��%4�LOc� %��v>��:��Cyh�xXS ��Ϲ�ڿO���״���S���q��-Z���Ͽl��^h�6�z��́���k-�Ud�r�U�k~{g���J�~�	ܧ�3�$N%�O�g��V�^����fF�u��W��H���LI�x��%6�8wx$J@B��wrDFLB4f&5L�r�M=��mY�ٚ����l"ADa�i�y���X�a�#���3���	9���
� $	}�?��u�-c��s� ����Tj|�X�5R��V%�T'��ּ}l�{��"2��LYAk�N�ӿn^θ�{�mm��盧�?wzn�z� ^���U�6�����Ck��9Mf���C�7
!�l��Of;G�Q�4�FqVyN
����+�dX���l4֐Qk�ޣ梊H�)fɶ�#3�RD!�����}����Ͼ��Ύ���>_���qv^v�Ą<�*L�ڌ�0�c���(���1hQYjG�ݪ�1�P�Ek�m��Y�:@PMm�U(V�-T�H��~gC7[��w����~��T��tY"���w)��[��űQBw���2N1L(
�[Zw)b�p/i�N���(�Z�E�{�Xѥ/���Z9��k�UtpQ[X⦇Z�Je�쒂�	x�뇸:�Q���`X�LZ��uw��lNp��9�gϕ���
yE��f�����te�����^Q7�
��}�t�4R�]:k������B+��*����f�?�.��5@��gėd/؞G��Mx�aK"dsB")��h3?I|���9A�.��Щ.�р��6A
�Ɠ>Akz9\�c��7���r\���ӰǓC�� �l�6��2nl�D�����*uuȑ��M���{��^yr����~��Ƽ^Q�5���Њ��溙�tG�۠Y
^�w��
<�<�w-w�}z�Lj�����!������mE��v1^���ظ�e�8�0�&��x�1�h��BH!��	d�	��O<����ӹ��gm�֤��t1�Bc��uX��E!����K��� �γs}��v��tԋ�Ǜ����חĸl^��Kl�ʔBiE1}�������'GD�\�Je���r���=��#�x.T�<�l�B�A*�DAIH��?l'iQ��L�C+.R��b�,愔�P /��P%�k#�g��Ը�"[�r��*��=լ&*l��	:�>���,|��A������
�Fp�DΩ�2?�I��Np4�($���[���A{u&��]������%|��U��;�S������w+���]��`�Q��Y�鵝F��y�,��)g�1����dQ�
�A&�
/
3��=��?kn�t�a)S�	�����n�.�sE��8��M;�K�V�uG⪀��;�K�+���b��f��j�NR�j�7
M�pu�
���c�PD�3����	~a��mÚ�T�������@h>���8��6'Ǯ�(�r�ʁ0dG�=�����t�*]x�9ƣ�N��z�g�F���`Bg���
�XK�.���
]JV�jd��e
�6bd�q�D>��
��2QrΎ�,li��$T•�]�>4,�J�r z򐶾J$|��{��o�<7�����_u��(Նh�����,ޑJ}��HW��]v�Z���6<�籗�Y�b^����o~}��F,�?whh`As�m�����G�67�1�
�f�E�&O��"fCS~�]�B��n=a�2�#�{�����R�R��f�z݄�����uQ�/P
V+��֫�l]��}���A�ն4khkegӳ�a�MΎ��k��Q":J�<3�:CTg~��'�t�Y39��s0wq5������|y��ֹ��e5�f��K�҄lV�M�J
t���8]v���p�4
B`���
~����ɂa��R+QG�ӧ�L\M&-��#��tTӈ(��Oe�
0\Y!����}�p�c�~��W��6�*#;���<�%̵.���[:[����[�� ���t��1߼��幧
+#s�BҔ54;ͳj������g�"4�=�@kG0=<H�G�"��np���7�g�z<h��
^w,>�O�˴$
zK����!��wZF	"τ�>Y�{t�™�H�c��9�Gh,�#\��+N�{
n_��M~�8t̢����=��m8
�t��uJ,	��QN3z���6>�u��K����Z��4��k�ޞQ_��y�~�p*����+���Rwy������@!�G�!����{_t���������㧛�.v	�Ƹ�Y�X��ff�9�9و����&\n;͘u�D�~;�����!���d�3��*ה[�-�Zl�M���X�!�]А�E����S�ED���
��
��4�ii^��Zh=�(�4HĶ�jJj2��A1�����Z�����Ç}
����?"fSj���x��W�����?��a���(���h
7��^��D.E.�?�O��`�������z,�k�����?�����7c7ԫ�26����uj!�c����ka����X_�JR.*�OJ.R��B�<llH�-m�Ȇ��-�wA���\��gQ��fai�^9�+^k*�r�wA�vc�U~�Bk�F�M��t�c�
l�m��m�/�e��y��{�9�|��>�}w��l�_��ͯ�Kb��$

��i�@E�A]WV�SDz��u�VY��ul���VPS�2Ƥ����Ѫ��jҠ�Fl���)�I���s����|���)
C�`��Dv �ЪH"���z��l�e�;Rl��9�^r��Ф4&iַ�mm�Q�8�qy��[�Ff#C3���5q��[�?�cxR��]hǡ��E�`ŷ��vͿӓ��uQ��6@�xd�_^
'�z����#�m��)\g0F�^��մ����{��k�G?a�}��7o���0b�b��_$.�׈O��Le\�2�Q�AC�$=�q�S�������qU�^���4������>o���JĚz���ZY�nt�%�lm��"����h ���`�a��K��a3껀�a�Iks&ҵ_#�VP�8�=��d��7^�<m~󩭇
��G/������2/[���1��
�\����vl��|Hg/������M�5C�����-��l�ư+�
C��}{��7�h042T�ؗ���g���.�������4��LO�B�02J
'|49�,��������1Qv�xw�:6�
�gI�D��iy��0��3�jɚ?����c�!�O�o����V�1t�^�h8X���,b�=��h��V�V����BM3v
46F�;�]l�\p��<$e힨�R�A�[��J��o웾�:�Cee��袣1u��f�~=̍8�����1w���E�Y�=W�����'����B���-%�ar��س�T�wi��>�
VC���գ����f_g�s�F�l3{�?}����B�]4k�5)㛜�أ�^��{_�&.!��(�b�k%~��%�����/�����]�
�"&��X��r��(E���E�--��h�F5F0�
S�92�y͡`�-j֓`Ԗ(
���'Z=���,��ߵ����qچڤ��yW�y��R�&5�m곪n6ݠ�Z��L��wǗ���ʤ'k�Z�����5[^��K���=k�J�TK���|����%+G����m+�%���
oxl���ؙ�%�ٛ�Ɋ�hA�_.����HK�
ʲKfV�kJ�}����a�H%dVu�-�
�O����w�pT_�j?�Ɨ�2��j��Bm�����3	꟦֍V�셏~9��R(����?��l1�hyu@2�
Uѐ�.�Oo����=�a�Ys�4U�t��
���c�IJ��ҞE�5��;�4�Y�!���r؟�3�q�x�Ay[�g�9�r�`�X���N.�b�x<�&:�kaoM.6��(IF,�a)�Q�\=��`W�	u�z^�jgFӝ��fe����a5�t�ܺq�)..�q%��6�ҔT��J�xsn�^[E뤉[D&����z�^�d�<dWТ>�qV`O��4�D��D!���kl%�p^���y��]g�94\��%3U�c�;T�Kdb�lq�%W��f��O�l�i���D.9��י��(ံZ4�I��
d�^T{EW�71
�ZI�0؇I��e��NtZ$�k' �~,�f7R�);�����]<���N�^��3��4�{-΂����$̯�J�[���n6��<��=<�$u���&�	�%�v�4������i+2��I��Q�oP��_h/��CR�$�ADI	9H˵����)���d��E��F&~ٜ"Sa%�"%�I�Ӭ����6=ݡ9�[�6�h3�f7��9�Bh�a(5�P�\b�+��QTݑ��Q��j� �{��1����,�ю.�a�YO�u��V�g�w�WG�:K�]�@�4P]ޗ��uH�"�� ����qu�j�`	H����2:�$tT��q	Ub�;��A�����T��m�c
�9�c^�o�
<�$aļ�1t�\I7N�I�����-��5��m`�ȢQ�C���q�^�VLhPh`c���N�+����+x�3ƜFtҍ�6�i�Z<`��L1V�E<�IU.�
��?��~
�;7��νG��9�ο{�z�ϧ���o����	��k�B!!�D����^�L�"@SKD���&+2QD>1�|^�
��#N�C��
�'��=�=�*��&�~�-5T��S��7o�Ζ�x�X��`ٍٹI�Z�\-^��Z-^�1
��� �7<�J>[����啸���$,=ZJ��Jxܲ�\u�M���#��l�.3����B{$�h2_-���~���3�_�'���_��M�g�}������|���/>��8>ǎ�8���g���P�����Ь���)D�cc���VZ˺M����A�jCSF�M�V؇��n�������R���y�K'1:i�_}��w���9��}���=ݨ��j܏�8H��%�A�!��s޵�r�����
�����#��%�z�NY
�Q��qE���1x��L\t#���a�k=���t:^���T(e��X@�N��K�oU
��z��^���a�57��<��
ȬAs�S�r+�|�Va����|��t�
�K�?xJ��fЩ鶸����b�ͧ��a������j�@���tT���.|Ka���������l?��Oo�(}����ůr��Ȭ&�����]}���hW������9fT7-�9z���l�y�����;R;��ܣ>}"3��v�։j'�����RLg�θ��n�:������#��I��3%8W�+�*�+˲P_�P�4X�{S�_U���>KSB��d��*�@8&���5eR&����+�[n/�J��ĺ��Ќ��˛+�n;��H����f�Ɔ�P�ӌ��J��6��$�D�0�B6� =[��n�&�Im�����'�'5^sk*�9TO["9�f�(�*�	��dTp���1�]6ĝ&��9�i��t�ᜑ$I�+kɸ2�d"�!;CV�A3Qѫ{�
Qo�ltҦ��h�VB� ��u��`������k�WOV�U(��/��7>7��H�'�]����V�]vj���}w����>�������lؤ�������P�z���̹{S�
�3�-�cU�Hp�:}%�������@��/���&|���ݱ�ܴ0����O���Oc���q�c9�/��\(Ȳ�b,��|���u]��X�*
��� %.ᕗj����/��$p�=wyjnE�Jo��e��L�7�2$[�v�-\�u#�7PJ�"�h�TK���(�$��K����yw�&�ڝI7~�9x��k�����s#�BT���">�O�xZ�l��z��	����DF#�t�|��
`gsՅ$�̗�H)>�3<�y8/'�yYO�'����@����>����J>_���Q����8Ј1�b!R�lv\�����p��j�-���~��ԁ��h��,qT@�	XX����`�[I�[i����p)��Y*��CυZ['��.���ʷR��6���T]#�D�ct�Yay9#,���e� 	�gI�����Y�?���7Hc�U!e!8��ZUd1N/��Η^t�]f#�m\�1���C�#�������>�՝��c穌$�t�s�#��
dc
���	
�ړ����c�r�_�Y��=�aa	����Ʃ�;��4��&l�j�J�y!u�w��'Øu��δ9�EF͝���c�<k^4mzFL��8�D��Y����q�43&��0��J�9Տ�R=y6�:��%tJ�RA;
DʽkS���)�/�n������6������H��A�zD��4b
�� w9�y�v�������Ϸ?z�����t��+��qI�)���c��IO4Z��rr�E�(M�w�W~��W:z��f�:?�cs�j��h߲�6
/4�JS�5z�^�Wl�,��1[�
�
{����Ư�_v|��u>�|��m�:�S�<S��<�yǽ���dߗEI|ƿ�_��O�S�ߛ�'(�ܤIP��
�1莍^�����>��fg��R��,<tC���}�C��k#ht�V4v�w;B��ص{���o�_�
=�$j��ՄI�ڄ6�EchG�!�%t�D�7o���_	mDCk���i�Et#~7�xgk��'i�=8���h$"��6�b3��I�x�a���B�A�౷�m�O�0�{��kC�c��f�n?2���'�
6���!���
l����v�N����������w�~t�/��>;x�y=�X`@K!��	_�>��2�>|{i���w�9�����~aP[l�p����O�_���+�<�
endstream
endobj
60 0 obj
<<
/Type /FontDescriptor
/Ascent 753
/CapHeight 562
/Descent -246
/Flags 35
/FontBBox [-28 -250 628 805]
/FontName /Courier
/ItalicAngle 0
/StemV 51
/XHeight 426
/StemH 51
>>
endobj
61 0 obj
<<
/Type /FontDescriptor
/Ascent 822
/CapHeight 681
/Descent -277
/Flags 262178
/FontBBox [-152 -266 1000 924]
/FontName /Palatino-Bold
/ItalicAngle 0
/StemV 133
/XHeight 471
/StemH 122
>>
endobj
4 0 obj
<<
/Type /Font
/Subtype /TrueType
/FirstChar 32
/LastChar 152
/Widths [250 278 402 0 0 0 0 0 333 333 444 0 250 333 250 296 
500 500 500 500 500 500 500 0 500 500 250 0 0 0 0 444 
747 778 667 722 833 611 556 833 833 389 389 778 611 1000 833 833 
611 0 722 611 667 778 778 1000 667 667 0 0 0 0 0 0 
0 500 611 444 611 500 389 556 611 333 333 611 333 889 611 556 
611 611 389 444 333 611 556 833 500 556 500 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 278 0 0 606 0 0 333 ]
/Encoding /WinAnsiEncoding
/BaseFont /Palatino-Bold
/FontDescriptor 57 0 R
>>
endobj
5 0 obj
<<
/Type /Font
/Subtype /Type0
/BaseFont /BFGCPH+Times-Roman
/Encoding /Identity-H
/DescendantFonts [ 62 0 R ]
/ToUnicode 63 0 R
>>
endobj
62 0 obj
<<
/Type /Font
/Subtype /CIDFontType2
/BaseFont /BFGCPH+Times-Roman
/FontDescriptor 55 0 R
/CIDSystemInfo<<
/Registry (Adobe)
/Ordering (Identity)
/Supplement 0
>>
/DW 1000
/W [
239 [563]
]
>>
endobj
6 0 obj
<<
/Type /Font
/Subtype /TrueType
/FirstChar 32
/LastChar 121
/Widths [250 0 0 0 0 0 0 0 0 0 0 0 250 0 0 0 
0 500 0 0 0 500 0 0 0 500 278 0 0 0 0 0 
0 722 667 0 722 611 0 722 0 0 389 0 0 0 722 0 
556 0 0 556 0 0 0 0 0 0 0 0 0 0 0 0 
0 444 500 444 500 444 0 500 500 278 0 500 278 0 500 500 
0 0 333 389 278 500 500 722 0 500 ]
/Encoding /WinAnsiEncoding
/BaseFont /BFGDJN+Times-Roman
/FontDescriptor 58 0 R
>>
endobj
7 0 obj
<<
/Type /Font
/Subtype /TrueType
/FirstChar 32
/LastChar 103
/Widths [600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
600 600 600 600 600 600 600 600 600 600 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 600 0 0 0 600 0 600 ]
/Encoding /WinAnsiEncoding
/BaseFont /Courier
/FontDescriptor 60 0 R
>>
endobj
19 0 obj
<<
/Type /Font
/Subtype /TrueType
/FirstChar 222
/LastChar 223
/Widths [611 611 ]
/Encoding /MacRomanEncoding
/BaseFont /Palatino-Bold
/FontDescriptor 61 0 R
>>
endobj
63 0 obj
<<
/Filter /FlateDecode
/Length 215
>>
stream
H�TP=O�0��+<��ƪ�c���ha�K��:����$Q��m��ӝ-/��@>�|�`FL�<Y�5ll�8{�V��&]�f�d&���p��:!?�pM���4=>4� ��"{�3�>�22n1��������N�ˋ��zA���N{DP�o�`q�� k���Aן������3ߚŹ�T�z�����M7fc����H��	o��!��W�
[�k�
endstream
endobj
1 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 3 0 R
/Contents 2 0 R
>>
endobj
10 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 12 0 R
/Contents 11 0 R
>>
endobj
13 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 15 0 R
/Contents 14 0 R
>>
endobj
16 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 18 0 R
/Contents 17 0 R
>>
endobj
20 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 22 0 R
/Contents 21 0 R
>>
endobj
23 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 25 0 R
/Contents 24 0 R
>>
endobj
26 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 28 0 R
/Contents 27 0 R
>>
endobj
29 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 31 0 R
/Contents 30 0 R
>>
endobj
32 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 34 0 R
/Contents 33 0 R
>>
endobj
35 0 obj
<<
/Type /Page
/Parent 9 0 R
/Resources 37 0 R
/Contents 36 0 R
>>
endobj
38 0 obj
<<
/Type /Page
/Parent 42 0 R
/Resources 40 0 R
/Contents 39 0 R
>>
endobj
43 0 obj
<<
/Type /Page
/Parent 42 0 R
/Resources 45 0 R
/Contents 44 0 R
>>
endobj
46 0 obj
<<
/Type /Page
/Parent 42 0 R
/Resources 48 0 R
/Contents 47 0 R
>>
endobj
49 0 obj
<<
/Type /Page
/Parent 42 0 R
/Resources 51 0 R
/Contents 50 0 R
>>
endobj
52 0 obj
<<
/Type /Page
/Parent 42 0 R
/Resources 54 0 R
/Contents 53 0 R
>>
endobj
64 0 obj
<<
/S /D
>>
endobj
65 0 obj
<<
/Nums [0 64 0 R ]
>>
endobj
9 0 obj
<<
/Type /Pages
/Kids [1 0 R 10 0 R 13 0 R 16 0 R 20 0 R 23 0 R 26 0 R 29 0 R 32 0 R 35 0 R]
/Count 10
/Parent 41 0 R
>>
endobj
42 0 obj
<<
/Type /Pages
/Kids [38 0 R 43 0 R 46 0 R 49 0 R 52 0 R]
/Count 5
/Parent 41 0 R
>>
endobj
41 0 obj
<<
/Type /Pages
/Kids [9 0 R 42 0 R ]
/Count 15
/Rotate 90
/MediaBox [0 0 612 792]
>>
endobj
66 0 obj
<<
/CreationDate (D:20040904151429-05'00')
/ModDate (D:20040904151429-05'00')
/Producer (PSNormalizer.framework)
>>
endobj
67 0 obj
<<
/Type /Catalog
/Pages 41 0 R
/PageLabels 65 0 R
>>
endobj
xref
0 68
0000000000 65535 f 
0000049443 00000 n 
0000000016 00000 n 
0000001085 00000 n 
0000047293 00000 n 
0000047860 00000 n 
0000048216 00000 n 
0000048640 00000 n 
0000027775 00000 n 
0000050758 00000 n 
0000049523 00000 n 
0000001213 00000 n 
0000003339 00000 n 
0000049606 00000 n 
0000003468 00000 n 
0000005151 00000 n 
0000049689 00000 n 
0000005280 00000 n 
0000006556 00000 n 
0000048978 00000 n 
0000049772 00000 n 
0000006697 00000 n 
0000008543 00000 n 
0000049855 00000 n 
0000008684 00000 n 
0000010730 00000 n 
0000049938 00000 n 
0000010871 00000 n 
0000012662 00000 n 
0000050021 00000 n 
0000012803 00000 n 
0000014406 00000 n 
0000050104 00000 n 
0000014547 00000 n 
0000016801 00000 n 
0000050187 00000 n 
0000016942 00000 n 
0000018787 00000 n 
0000050270 00000 n 
0000018928 00000 n 
0000021228 00000 n 
0000050996 00000 n 
0000050894 00000 n 
0000050354 00000 n 
0000021357 00000 n 
0000022958 00000 n 
0000050438 00000 n 
0000023087 00000 n 
0000025031 00000 n 
0000050522 00000 n 
0000025172 00000 n 
0000026295 00000 n 
0000050606 00000 n 
0000026424 00000 n 
0000027646 00000 n 
0000027915 00000 n 
0000028136 00000 n 
0000033059 00000 n 
0000033264 00000 n 
0000033486 00000 n 
0000046897 00000 n 
0000047088 00000 n 
0000048007 00000 n 
0000049155 00000 n 
0000050690 00000 n 
0000050718 00000 n 
0000051098 00000 n 
0000051230 00000 n 
trailer
<<
/Size 68
/Root 67 0 R
/Info 66 0 R
/ID [<c62fc452e659d4ac2c4578d161abb947><c62fc452e659d4ac2c4578d161abb947>]
>>
startxref
51300
%%EOF