Can you think of any drawbacks of the ZTIC device?, management homework help

User Generated

nmvm980

Business Finance

Description

Please open the file provided to you in the attachment below, then answer these questions

3. Can you think of any drawbacks of the ZTIC device?

4. How might malicious attackers try to get around devices like the ZTIC?

5. Do you foresee a future where malware is completely eliminated, or protections are so good that malware is no longer a threat? Explain your answer.

Please write down your answer in the Word file below

Minimum 150 words per question

Please provide your reference

Unformatted Attachment Preview

Case 2: IBM Zone Trusted Information Channel (ZTIC)

1. What are some common types of malicious software, or malware? What best describes the “man-in-the-middle” type of attack?

There are many different types of malware in the threat landscape. According to Verizon’s 2016 Data Breach Investigations Report (DBIR), the nine major security incident classification categories are: web application attacks, point-of-sale intrusions, insider and privilege misuse, miscellaneous errors, physical theft and loss, crimeware, payment card skimmers, cyberespionage, and denial of service attacks. Although new types of malware are constantly under development, they will generally fall under a few broad categories:

Viruses & Worms: Conficker worm is a form of malware virus, which consists of harmful programs designed to infect legitimate software programs. Once a person installs and runs the infected program, the virus activates and spreads itself to other programs installed on the computer before taking further malicious action like deleting critical files within the operating system.

Trojans: a common type of malware. While Trojans typically appear to be regular software, they are often bundled with other software that can introduce backdoors allowing unauthorized access to your computer. Trojans do not attempt to inject themselves into other files or applications like computer viruses do; instead, they use tactics such as drive-by downloads or installing via online games in order to reach their targets.

Shadyware, PUPs, Adware and Keyloggers: these types of malware do not technically fit into the virus category because they are identified as “potentially undesirable processes” (PUPs); they may still invade your privacy, contain malicious code, or at the very least become a nuisance. Adware is a form of financially-supported malware that usually presents itself in the form of unwanted advertisements displayed to a user. Keyloggers can collect information and transmit it to interested parties.

RAM Scrapers: RAM scraping is an old technique that has been given new life as a tool for stealing payment information from compromised point-of-sale (POS) systems.

Botnets: Botnets/bots work in a way that is similar to spyware in reporting back. The difference is that malware that turns a computer into a bot does not usually collect information like spyware does. Instead, it just sits there waiting until it receives commands from a command-and-control server controlled by the attacker. Recent attacks against Twitter, Spotify, the NY Times and other major sites have also been attributed to the same botnet.

Backdoors: Backdoor attacks are accomplished using methods similar to botnet/C2 attacks in their infection tactics, often using watering hole attacks and other methods to compromise systems and are used to secure unauthorized remote access to a computer or obtain access to plaintext in cryptographic systems.

Crimeware: ransomware is a form of malware also known as crimeware. The biggest change to the malware landscape in the past few years has been the emergence of ransomware and ransomware-as-a-service (RaaS). Ransomware uses spam, social engineering, drive-by download and malvertising as infection methods. It basically locks up the files on a computer and holds them for ransom, usually to be paid by bitcoin.

A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.

2. Provide some examples of each type of authentication factor. What are your personal experiences with each?

There are three categories of authentication factors. These are generally broken down as:

Knowledge factors: It is something you know, such as a username and password. This factor is one of good security. As we could say from our experience, people tend to choose very simple passwords to remember them. That is why nowadays websites have password requirements like numbers, letters, symbols and a security scale to make them more diversified and secure.

Possession factors: It is something you have, such as a smart card or a security token. From our experience, each possession item could be lost or stolen. For example, if a credit card gets lost or stolen, the owner needs to report it to the bank, block it, and wait until a new one comes.

Inherence factors: An inherence factor is something you are, an inherent biometric characteristic such as a fingerprint, voice or iris pattern. From our experience they are the strongest level of security as those characteristics are unique to every person.

3. Can you think of any drawbacks of the ZTIC device?

4. How might malicious attackers try to get around devices like the ZTIC?

5. Do you foresee a future where malware is completely eliminated, or protections are so good that malware is no longer a threat? Explain your answer.

Reference

Case 2:

Barraco L. (2016) Common Types of Malware, 2016 Update. Retrieved on April 8, 2017 from https://www.alienvault.com/blogs/security-essentials/common-types-of-malware-2016update

N.a. (2016) Man in the Middle (MITM) Attack. Retrieved on April 8, 2017 from https://www.veracode.com/security/man-middle-attack

Rouse M. (2016) Authentication factor. Retrieved on April 8, 2017 from http://searchsecurity.techtarget.com/definition/authentication-factor

Management Information Systems 14e
KENNETH C. LAUDON AND JANE P. LAUDON
CHAPTER 8: SECURING INFORMATION SYSTEMS
CASE 3: IBM Zone Trusted Information Channel (ZTIC)

SUMMARY: More and more attacks on online banking applications target the user’s home PC, changing what is displayed to the user while logging and altering key strokes. In order to foil these threats, the IBM Zurich Research Lab has developed the Zone Trusted Information Channel (ZTIC), a hardware device that can counter these attacks in an easy-to-use way. L=3:07.

URL: http://www.youtube.com/watch?v=mPZrkeHMDJ8

CASE: Online banking is growing in popularity due to its convenience and ease of use. However, as with any transactions that take place over the Internet, online banking transactions are vulnerable to multiple types of malicious attacks. Although phishing is still a common method that hackers use to commit bank fraud, another method that is difficult to combat is a “man-in-the-middle” attack, referred to in the video as a “man-in-the-browser” attack.

Banking transactions are traditionally conducted via two-factor authentication (T-FA). An authentication factor is a piece of information or process used to verify the identity of a person (or other entity) requesting access to a restricted asset or area. Authentication factors are classified into three groups: human factors (biometrics, for example, “something you are”), personal factors (“something you know”), and technical factors (“something you have”). Two-factor authentication is a system in which two different factors are used in conjunction to authenticate. An example of a traditional two-factor authentication method is the use of a bank card and a PIN number to access a bank account from an ATM.

However, if a transaction is initiated on a computer with malware installed, the security of the transaction is compromised. Not even “padlocked” areas of the Internet that would otherwise be secure can protect against this.

IBM’s Zone Trusted Information Channel (ZTIC, pronounced similarly to “stick”) protects against this. The device sets up a secure link between the ZTIC and the bank’s server. Because there’s a direct connection between the user and the back-end banking server, and because this session is protected by keys that reside on the device itself (and not on the user’s hard drive, where malware can find it), the ZTIC guarantees that banking transactions are secure. Additionally, the user must press “OK” on their ZTIC to legitimate any banking transaction. So if a user suddenly sees that their ZTIC is asking them to authorize a very large payment to an unknown account, he or she can cancel the transaction before it takes place.

According to IBM, “Various alternatives exist for protecting users against state-of-the-art attacks to online authentication, such as chip card technology or special browser software. The core difference between the ZTIC and these alternatives is that the ZTIC does not rely whatsoever on any software running on the PC, such as device drivers or user interface elements, as these can in principle be subverted, e.g., painted over, by attackers’ malware.”

Hackers and malware are continually developing new tools to commit identity theft and fraud, so it’s important that new advances like the ZTIC become available to stay one step ahead.

VIDEO CASE QUESTIONS

1. What are some common types of malicious software, or malware? What best describes the “man-in-the-middle” type of attack?

2. Provide some examples of each type of authentication factor. What are your personal experiences with each?

3. Can you think of any drawbacks of the ZTIC device?

4. How might malicious attackers try to get around devices like the ZTIC?

5. Do you foresee a future where malware is completely eliminated, or protections are so good that malware is no longer a threat? Explain your answer.

COPYRIGHT NOTICE: Copyright © 2014 Kenneth Laudon. This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from this site should not be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
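
A simplified model of the confirmation step the case summary describes, added here as an illustration (it is not part of the attachment and not IBM's code). An HMAC under a constructed shared key stands in for the device-to-bank session whose keys never touch the PC; the account names, amounts and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for the session keys that live only on the
# device and the bank server, never on the PC.
SESSION_KEY = b"constructed-demo-key"

def _tag(payload: bytes) -> str:
    return hmac.new(SESSION_KEY, payload, hashlib.sha256).hexdigest()

def bank_confirmation_request(order: dict) -> dict:
    """Bank: ask the device to confirm the order the bank actually received."""
    body = json.dumps(order, sort_keys=True).encode()
    return {"body": body, "tag": _tag(body)}

def device_confirm(msg: dict, user_intent: dict) -> dict:
    """Device: verify the message, show it, return the user's keyed decision."""
    if not hmac.compare_digest(_tag(msg["body"]), msg["tag"]):
        return {"decision": "rejected", "tag": None}
    shown = json.loads(msg["body"])      # what the device display shows
    ok = shown == user_intent            # the user compares display to intent
    decision = "OK" if ok else "CANCEL"
    return {"decision": decision, "tag": _tag(decision.encode() + msg["body"])}

def bank_execute(msg: dict, reply: dict) -> bool:
    """Bank: execute only on an authentic OK bound to this exact order."""
    if reply["tag"] is None:
        return False
    return hmac.compare_digest(_tag(b"OK" + msg["body"]), reply["tag"])

def run_scenarios() -> dict:
    intent = {"payee": "ACCT-LANDLORD", "amount": "100.00"}    # constructed
    forged = {"payee": "ACCT-UNKNOWN", "amount": "9000.00"}    # constructed
    results = {}
    # 1. Clean PC: the bank receives what the user typed.
    req = bank_confirmation_request(intent)
    results["clean"] = bank_execute(req, device_confirm(req, intent))
    # 2. The order was changed on the PC; the device shows the changed order.
    req = bank_confirmation_request(forged)
    results["order_altered"] = bank_execute(req, device_confirm(req, intent))
    # 3. The confirmation is also rewritten in transit to look like the intent.
    body = json.dumps(intent, sort_keys=True).encode()
    repainted = {"body": body, "tag": req["tag"]}
    results["display_altered"] = bank_execute(req, device_confirm(repainted, intent))
    # 4. The PC answers OK itself, without the device's key.
    results["forged_ok"] = bank_execute(req, {"decision": "OK", "tag": "00" * 32})
    return results
```

Only the clean case executes; in the other three the bank never receives an OK it can verify, which is the property the device's own display and button are meant to provide.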

Explanation & Answer

Answers posted, please confirm. Kindly go through the work and give me feedback.

Topic: ANALYSIS


Cover page



Questions Analysis



References


Case 2: IBM Zone Trusted Information Channel (ZTIC)

1. What are some common types of malicious software, or malware? What best describes the
“man-in-the-middle” type of attack?
There are many different types of malware in the threat landscape. According to Verizon’s 2016
Data Breach Investigations Report (DBIR), the nine major security incident classification
categories are: web application attacks, point-of-sale intrusions, insider and privilege misuse,
miscellaneous errors, physical theft and loss, crimeware, payment card skimmers, cyberespionage, and denial of service attacks. Although new types of malware are constantly under
development, they will generally fall under a few broad categories:
Viruses & Worms: Conficker worm is a form of malware virus, which consists of harmful
programs designed to infect legitimate software programs. Once a person installs and runs the
infected program, the virus activates and spreads itself to other programs installed on the
computer before taking further malicious action like deleting critical files within the operating
system.
Trojans: a common type of malware. While Trojans typically appear to be regular software,
they are often bundled with other software that can introduce backdoors allowing unauthorized
access to your computer. Trojans do not attempt to inject themselves into other files or
applications like computer viruses do; instead, they use tactics such as drive-by downloads or
installing via online games in order to reach their targets.
Shadyware, PUPs, Adware and Keyloggers: these types of malware do not technically fit into
the virus cate...

