21.1 Why System Are Vulnerable?

	Data as we know are stored in electronic form which are vulnerable to many kinds of threats than if they existed in manual form.
	Information systems are interconnected through communication networks and that is in different locations.
	The probability for illegal data access, abuse, or fraud can happened at any access point in the network as shown in figure (21.1) the contemporary information systems are threatened by different factors such as technical, environmental and poor management decisions.
	As shown in figure below, you see that vulnerabilities exit at each layer and between them in the contemporary information system.
	At the client layer, users may cause harm by accessing the system without authorization or by introducing errors.
	Data flowing over networks are possibly to be accessed and stolen during data transmission.
	Intruders can launch malicious software to disrupt the operation of Web sites and they have the capability to penetrate the system and destroy data base.
	Also the partnering with another company can add to systems vulnerability, so if there is no good control and strong enough safeguards, data could be stolen, lost, destroyed or fallen into the wrong hands.
	Due to the benefit use of mobile devices specially in computing business, it adds vulnerabilities to networks.

21.1 Why System Are Vulnerable?

	These help outsiders to penetrate their network and steal date or destroy it.
	Through these devices intruders are able to access internal corporate networks.

21.1 Why System Are Vulnerable?

Internet Vulnerabilities

	Internet is a large public networks which are virtually open to anyone, and that make it more vulnerable than internal networks.
	If the internet becomes part of corporate network, the information systems of organization are more vulnerable.
	Computers which are connected to the internet either by cable modems or digital subscriber line (DSL) are more open to be penetrated by outsiders because the use of fixed internet addresses that can be easily identified.
	Hackers use a fixed target which is created by a fixed internet address.
	The service of telephone based on internet is more vulnerable than the switched voice network.
	Most of voice over IP (VoIP) traffic over the public internet is not encrypted, so it is easy for anyone with a network to listen to the conversation and easy for hackers to intercept conversations or cause shutdown of the voice service.
	Growing use of e-mail, instant messaging, and file sharing from peer to peer, increases vulnerability.
	E-mail may contain attachment that penetrate and access to internal corporate system. Instant messages are used to transmit data but the instant messaging applications do not use a secure layer for text messages.
	So it is easy for outsiders to intercept during transmission over the public internet.

21.1 Why System Are Vulnerable?

Wireless Security Challenges

	It is not safe to log in a wireless network at an airport, or other public places.
	Also the wireless network in your home are vulnerable because of the bands of radio frequency are easy to scan.
	Bluetooth and Wi-Fi networks are vulnerable to hacking by individuals. Local area networks use the 802.11 standards which can easy penetrated by outsiders.
	Hackers use tools such as laptops, wireless cards, external antennae, and hacking software to find out unprotected networks, monitor network traffic, and gain access to internet.
	Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resource of a network without having any kind of authorization as shown in figure (21.2)

21.1 Why System Are Vulnerable?

21.1 Why System Are Vulnerable?

	A hacker can use 802.11 as analysis tool for identifying the SSID.
	An intruder with an access point and through using the correct SSID has the ability to access resources on the network, they use the windows operating system to know and to determine which users are connected to the network and to easy access their computers and files.
	Wired Equivalent Privacy (WEP) is the initial security standard developed for Wi-Fi, and also it is built into all 802.11 products, and it is so important for all users not to neglect use of this WEP security