All Categories :
Intranets
Chapter 12
Overview of an Intranet Security
System
CONTENTS
If you think that you're completely safe from external threats,
think again. Consider this: A government study found that the
United States Pentagon's computers are attacked by hackers some
250,000 times a year-and that about 160,000 of those times the
attacks are successful. In the successful attacks, data and software
are read, stolen, modified, or destroyed. The attacks have cost
the government hundreds of millions of dollars.
If the Pentagon can be broken into, so can you. Intranets are
vulnerable because of the openness of Internet technology. Look
at it this way: There's a door between your intranet and the Internet
that lets people inside an intranet go out onto the Internet to
get information. That same door can let intruders from the Internet
into your intranet.
In addition to unauthorized external access that leads to attacks
and theft, there are other security issues to worry about. It's
not just people from outside the intranet who can pose security
risks. People within the corporation on the intranet can pose
problems as well. There is data within a company that requires
restricted access, such as personnel records. Malicious mischief
is not restricted only to people outside a company.
Computer viruses can be brought in to the intranet with an innocent
looking program picked up on the Internet. It can then infect
the other computers on the intranet, damaging millions of dollars
worth of hardware and software.
There are ways to combat these problems. Any intranet needs to
have a comprehensive security system in place. In addition to
considering the nature of the threats that require defensive measures,
you must evaluate factors such as the size of the intranet and/or
company, the value or confidentiality of the data, and how important
an uninterrupted, operational intranet is to the company. Technology
changes all the time, so the system needs to be constantly monitored
and updated.
Security systems are generically referred to as firewalls.
Firewalls are hardware/software combinations that allow people
from inside an intranet to access data on the Internet, but keep
intruders from getting onto the intranet. In fact, firewalls are
only one part of a comprehensive intranet security system.
Routers play a major role in firewalls-and are important in any
security system. Routers are the technology that lets people on
the intranet connect to the Internet, and allows data from the
Internet to get to users on the intranet. Because all data going
to and from the Internet passes through routers, they're a logical
place to put security measures. A variety of security measures
can be used in concert with routers. The primary one is called
filtering and is accomplished by filtering routers.
What filtering routers do is quite simple. They examine every
packet coming into and going out of an intranet. Based on a set
of rules that a system administrator has established, the router
will let some packets in (pass) and will keep other packets out
(drop). For example, packets coming from specific users or specific
networks can be blocked. Access to entire Internet resources,
such as FTP, can be blocked if, for example, a system administrator
fears a virus infection if file transfers were allowed.
Proxy servers are another important tool in the fight for intranet
security. They allow people on an intranet to get to Internet
resources, but the proxy servers act as a kind of go-between.
In a system set up with a proxy server, this process can be invisible
to the user making the request. The proxy server evaluates the
request against an authorization database, and if the request
is acceptable, the proxy contacts the Internet. The returning
page also passes through the proxy server from the Internet and
passes it to the person who requested it. In this way, the proxy
server can keep a record of all transactions, and provides a trail
to track any kind of attacks. Additionally, the proxy server can
be used as a way to keep the intranet shielded from the Internet,
because the only IP address going out to the Internet is that
of the proxy server, so anyone trying to capture IP addresses
for a spoofing attack (pretending to be a legitimate client) can't
"see" the originating IP addresses.
Another kind of server important for intranet security is a bastion
server. A bastion server is configured especially to resist
attacks. Frequently, it is put on its own subnetwork, known as
a perimeter network. That way, if the bastion server is attacked
and broken into, the intranet is still shielded-the only part
compromised is the bastion server.
Encryption and authentication systems are used to prevent unauthorized
access to an intranet. Encryption can be used to protect data
and passwords. Encryption depends on the use of secret and/or
public keys. User names and passwords can be compromised fairly
easily, allowing someone to masquerade as a legitimate user. Authentication
systems expand on the basic "something you know" security
provided by passwords to one that checks that there is "something
you have" that is uniquely in your possession, a token of
some sort. Encrypted digital signatures are created with keys
that also are uniquely in your possession so they can't be altered
without such tampering being discovered. Encrypted digital signatures
help authenticate the sender of a message and protect against
message tampering.
Viruses are a major concern to anyone running an intranet. While
the threat of viruses is undoubtedly overblown by the news media,
the truth is that viruses are a problem and a potential danger.
One way to solve the problem is to use traditional virus scanning
and eradication software. This software runs on each user's computer,
and allows people to check their computers for viruses, and to
kill the virus if at all possible. But doing things that way depends
on each user actually running the most up-to-date virus checkers,
which doesn't always happen. A better solution is to run virus-checking
software specifically designed for intranets. It runs on a server,
and as files are sent to the intranet it checks them for viruses.
If they're virus-free, it lets them through. If they appear to
contain viruses, it blocks them.
There is software that can block users from accessing objectionable
sites, such as sites with violent or sexual content. On an intranet
a server-based software that does this examines outgoing requests,
such as the URL name and words contained in the header of the
file. The software has a database of objectionable URLs and objectionable
words. When it comes across a site that has an objectionable URL
or objectionable word, it won't allow that request to be sent.
It will also inform the user that the site is blocked. Since there
are so many sites on the Internet, and so many more new ones being
created each day, the database can be updated monthly. That way,
even new sites will be blocked.
Traffic monitoring is another method to maintain a secure intranet.
This is software that sits on a server, and monitors all traffic
between the Internet and the intranet. It can also monitor all
traffic on the intranet itself. The intranet administrator can
set rules and decide what kind of traffic to track. The nature
of the traffic is the area of concern when trying to assure yourself
that only authorized users and services are involved.
Any intranet is vulnerable to attack by people intent on destruction
or on stealing corporate data. The open nature of the Internet
and TCP/IP protocols expose a corporation to attack. Intranets
require a variety of security measures, including hardware and
software combinations that provide control of traffic; encryption
and passwords to validate users; and software tools to prevent
and cure viruses, block objectionable sites, and monitor traffic.
- The generic term for a line of defense against intruders is
a firewall. A firewall is a hardware/software combination
that controls the type of services allowed to or from the intranet.
- Proxy servers are another common tool used in building a firewall.
A proxy server allows system administrators to track all traffic
coming in and out of an intranet.
- A bastion server firewall is configured to withstand
and prevent unauthorized access or services. It is typically segmented
from the rest of the intranet in its own subnet or perimeter
network. In this way, if the server is broken into, the rest
of the intranet won't be compromised.
- Server-based virus-checking software can check every file
coming into the intranet to make sure that it's virus-free.
- Authentication systems are an important part of any intranet
security scheme. Authentication systems are used to ensure that
anyone trying to log into the intranet or any of its resources
is the person they claim to be. Authentication systems typically
use user names, passwords, and encryption systems.
- Server-based site-blocking software can bar people on an intranet
from getting objectionable material. Monitoring software tracks
where people have gone and what services they have used, such
as HTTP for Web access.
- One way of ensuring that the wrong people or erroneous data
can't get into the intranet is to use a filtering router.
This is a special kind of router that examines the IP address
and header information in every packet coming into the network,
and allows in only those packets that have addresses or other
data, like e-mail, that the system administrator has decided should
be allowed into the intranet.
Contact
reference@developer.com with questions or comments.
Copyright 1998
EarthWeb Inc., All rights reserved.
PLEASE READ THE ACCEPTABLE USAGE STATEMENT.
Copyright 1998 Macmillan Computer Publishing. All rights reserved.
SHOPPING
JOB BANK
REFERENCE
JOURNAL
COMMUNITY
ABOUT US