Kenneth C. Laudon,Jane P. Laudon Management Information System 12th Edition pdf

Part Two

in which eavesdroppers drive by buildings or park outside and try to intercept

wireless network traffic.

A hacker can employ an 802.11 analysis tool to identify the SSID. (Windows

XP, Vista, and 7 have capabilities for detecting the SSID used in a network and

automatically configuring the radio NIC within the user’s device.) An intruder

that has associated with an access point by using the correct SSID is capable of

accessing other resources on the network, using the Windows operating system

to determine which other users are connected to the network, access their

computer hard drives, and open or copy their files.

Intruders also use the information they have gleaned to set up rogue access

points on a different radio channel in physical locations close to users to force a

user’s radio NIC to associate with the rogue access point. Once this association

occurs, hackers using the rogue access point can capture the names and

passwords of unsuspecting users.

The initial security standard developed for Wi-Fi, called Wired Equivalent

Privacy (WEP), is not very effective. WEP is built into all standard 802.11 prod-

ucts, but its use is optional. Many users neglect to use WEP security features,

leaving them unprotected. The basic WEP specification calls for an access point

and all of its users to share the same 40-bit encrypted password, which can be

easily decrypted by hackers from a small amount of traffic. Stronger encryption

and authentication systems are now available, such as Wi-Fi Protected Access 2

(WPA2), but users must be willing to install them.

MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN

HORSES, AND SPYWARE

Malicious software programs are referred to as