326 Part Two Information Technology Infrastructure
layer can cause harm by introducing errors or by accessing systems without
authorization. It is possible to access data flowing over networks, steal valuable
data during transmission, or alter messages without authorization. Radiation
may disrupt a network at various points as well. Intruders can launch
denial-of-service attacks or malicious software to disrupt the operation of Web sites.
Those capable of penetrating corporate systems can destroy or alter corporate
data stored in databases or files.
Systems malfunction if computer hardware breaks down, is not configured
properly, or is damaged by improper use or criminal acts. Errors in programming,
improper installation, or unauthorized changes cause computer software
to fail. Power failures, floods, fires, or other natural disasters can also disrupt
computer systems.
Domestic or offshore partnering with another company adds to system
vulnerability if valuable information resides on networks and computers
outside the organization’s control. Without strong safeguards, valuable data
could be lost, destroyed, or could fall into the wrong hands, revealing important
trade secrets or information that violates personal privacy.
The popularity of handheld mobile devices for business computing adds to
these woes. Portability makes cell phones, smartphones, and tablet computers
easy to lose or steal. Smartphones share the same security weaknesses as other
Internet devices, and are vulnerable to malicious software and penetration
from outsiders. Smartphones used by corporate employees often contain sensitive
data such as sales figures, customer names, phone numbers, and e-mail
addresses. Intruders may be able to access internal corporate systems through
these devices.
Internet Vulnerabilities
Large public networks, such as the Internet, are more vulnerable than internal
networks because they are virtually open to anyone. The Internet is so huge
that when abuses do occur, they can have an enormously widespread impact.
When the Internet becomes part of the corporate network, the organization’s
information systems are even more vulnerable to actions from outsiders.
Computers that are constantly connected to the Internet by cable modems
or digital subscriber line (DSL) lines are more open to penetration by outsiders
because they use fixed Internet addresses where they can be easily identified.
(With dial-up service, a temporary Internet address is assigned for each
session.) A fixed Internet address creates a fixed target for hackers.
Telephone service based on Internet technology (see Chapter 7) is more
vulnerable than the switched voice network if it does not run over a secure
private network. Most Voice over IP (VoIP) traffic over the public Internet is not
encrypted, so anyone with access to the network can listen in on conversations. Hackers
can intercept conversations or shut down voice service by flooding servers
supporting VoIP with bogus traffic.
Vulnerability has also increased from widespread use of e-mail, instant
messaging (IM), and peer-to-peer file-sharing programs. E-mail may contain
attachments that serve as springboards for malicious software or unauthorized
access to internal corporate systems. Employees may use e-mail messages
to transmit valuable trade secrets, financial data, or confidential customer
information to unauthorized recipients. Popular IM applications for consumers
do not use a secure layer for text messages, so they can be intercepted and read
by outsiders during transmission over the public Internet. Instant messaging
activity over the Internet can in some cases be used as a back door to an
otherwise secure network. Sharing files over peer-to-peer (P2P) networks, such as