Friday, December 8, 2006

Overview of an Intranet Security System

Any intranet is vulnerable to attack by people intent on destruction or on stealing corporate data. The open nature of the Internet and the TCP/IP protocols exposes a corporation to attack. Intranets require a variety of security measures, including hardware and software combinations that provide control of traffic; encryption and passwords to validate users; and software tools to prevent and cure viruses, block objectionable sites, and monitor traffic.

* The generic term for a line of defense against intruders is a firewall. A firewall is a hardware/software combination that controls the type of services allowed to or from the intranet.

* Proxy servers are another common tool used in building a firewall. A proxy server allows system administrators to track all traffic coming in and out of an intranet.

* A bastion server firewall is configured to withstand and prevent unauthorized access or services. It is typically segmented from the rest of the intranet in its own subnet or perimeter network. In this way, if the server is broken into, the rest of the intranet won't be compromised.

* Server-based virus-checking software can check every file coming into the intranet to make sure that it's virus-free.

* Authentication systems are an important part of any intranet security scheme. Authentication systems are used to ensure that anyone trying to log into the intranet or any of its resources is the person they claim to be. Authentication systems typically use user names, passwords, and encryption systems.

* Server-based site-blocking software can bar people on an intranet from getting objectionable material. Monitoring software tracks where people have gone and what services they have used, such as HTTP for Web access.

* One way of ensuring that the wrong people or erroneous data can't get into the intranet is to use a filtering router. This is a special kind of router that examines the IP address and header information in every packet coming into the network, and allows in only those packets that have addresses or other data, like e-mail, that the system administrator has decided should be allowed into the intranet.

All intranets are vulnerable to attack. Their underlying TCP/IP architecture is identical to that of the Internet. Since the Internet was built for maximum openness and communication, there are countless techniques that can be used to attack intranets. Attacks can involve the theft of vital company information and even cash. Attacks can destroy or deny a company's computing resources and services. Attackers can break in or pose as a company employee to use the company's intranet resources.

Firewalls are hardware and software combinations that block intruders from access to an intranet while still allowing people on the intranet to access the resources of the Internet. Depending on how secure a site needs to be, and on how much time, money, and resources can be spent on a firewall, there are many kinds that can be built. Most of them, though, are built using only a few elements. Servers and routers are the primary components of firewalls.

Most firewalls use some kind of packet filtering. In packet filtering, a screening router or filtering router looks at every packet of data traveling between an intranet and the Internet.
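The filtering-router behaviour described above (examine the addresses and header fields of each inbound packet, admit only what the administrator has listed, log the decision for the monitoring tools) as an added example that is not part of the original post. The address ranges, the bastion host address and the rule set are constructed; the first matching rule wins and anything unmatched is denied.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str      # source address from the IP header
    dst: str      # destination address from the IP header
    proto: str    # "tcp" or "udp"
    dport: int    # destination port from the transport header

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination address must fall in
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

INTRANET = "10.0.0.0/8"     # constructed internal address range
BASTION = "192.0.2.10/32"   # constructed bastion host on the perimeter network

# Constructed inbound rule set: evaluated top to bottom, first match wins.
INBOUND_RULES = [
    # 1. a packet arriving from the Internet may not claim an intranet source
    Rule("deny", src=INTRANET),
    # 2. only the bastion host accepts mail and FTP control connections
    Rule("allow", dst=BASTION, proto="tcp", dport=25),
    Rule("allow", dst=BASTION, proto="tcp", dport=21),
    # 3. no direct access from outside to internal hosts
    Rule("deny", dst=INTRANET),
]

def screen(p: Packet, rules=INBOUND_RULES) -> Tuple[str, str]:
    """Return (verdict, reason) for one inbound packet and log the decision."""
    for i, r in enumerate(rules):
        if r.matches(p):
            verdict, reason = r.action, f"rule {i + 1}"
            break
    else:
        verdict, reason = "deny", "default policy"  # nothing matched: drop it
    # this log line is what the monitoring software would consume
    print(f"{verdict.upper():5} {p.proto}/{p.dport} {p.src} -> {p.dst} ({reason})")
    return verdict, reason
```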

Proxy servers on an intranet are used when someone from the intranet wants to access a server on the Internet. A request from the user's computer is sent to the proxy server instead of directly to the Internet. The proxy server contacts the server on the Internet, receives the information from the Internet, and then sends the information to the requester on the intranet. By acting as a go-between like this, proxy servers can filter traffic and maintain security as well as log all traffic between the Internet and the network.

Bastion hosts are heavily fortified servers that handle all incoming requests from the Internet, such as FTP requests. A single bastion host handling incoming requests makes it easier to maintain security and track attacks. In the event of a break-in, only that single host has been compromised, instead of the entire network. In some firewalls, multiple bastion hosts can be used, one for each different kind of intranet service request.