ECEN 602 Homework 1 Sp 2019.pdf - ECEN 602 Spring 2019...

This preview shows page 1 - 3 out of 5 pages.

ECEN 602 Spring 2019: Homework 1 Due: Jan. 23 10:20 am 1 Homework 1 ECEN 602 Due Jan. 23, 2019 @ 10:20 am 1. Peterson and Davie 5 th Edition (P&D) 1.3 (Chapter 1, Problem 3) (14%) 2. P&D 1.13 (14%) 3. P&D 1.16 (14%) 4. P&D 1.30 (14%) 5. P&D 1.31 (14%) 6. Two Factor Authentication (14%) Two-factor authentication is available for logins to both the TAMU CAS-enabled web services (e.g., Howdy Student System, TAMU Gmail, Gateway, SSO, TAMU VPN Cisco AnyConnect, Maestro, Library EZProxy, Research.gov, etc.) and the TAMUS SSO services (e.g., Workday Cloud HR/Payroll, Concur Travel, Maestro Research Admin, TrainTraq Training, etc.). Enable Duo two-factor authentication for your TAMU NetID, and turn in a screen capture of your smartphone/tablet Duo app Login Request screen or the Duo web page (the latter if you are not using a smartphone/tablet app). The basic idea of two-factor authentication is that it takes two things to login to your account: (1) something you know, typically a password, and (2) something you have, e.g., cell phone (text message), smartphone (app), hardware token, fingerprint, etc. If you accidentally type your password into a fake web site in response to a phishing attack (e.g., John D. Podesta, Hillary Clinton’s campaign chairman, clicked on a link in a phishing email in March 2016, and 60,000 email messages from his Gmail account were accessed after a clueless campaign aide indicated that the phishing email was a “legitimate email”) , or you use the same password at many sites and the bad guys hack one of those sites (e.g., Yahoo! disclosed in Dec. 2016 that 1 Billion user accounts were hacked in 2013, and in October 2017 they updated this number to 3 Billion, basically all the Yahoo! accounts), enabling two-factor can protect you in many cases. Almost all data breaches start with compromising employee or customer accounts to get access. The Verizon Enterprise 2015 Data Breach Report notes that over 95% of Web application attacks involve harvesting credentials from a customer or a customer's device and then logging into a web site. In 2013, we
ECEN 602 Spring 2019: Homework 1 Due: Jan. 23 10:20 am 2 had nine A&M System employees give up their SSO credentials in response to a phishing email attack. The hackers changed the direct deposit account numbers in an effort to steal paychecks. With two-factor authentication, even if your password is compromised, the hackers will not be able to login to your account in many cases. I say many cases because there was a clever attack on certain European banks' debit card holders in 2014 where the hackers got 1000's of customers to not only give up their credentials but also to download an Android smartphone app that read the two-factor code sent in an SMS message to their cell phone -- these users had their bank accounts cleaned out.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture