<HTML><HEAD><TITLE>Chapter 12 -- Overview of an Intranet Security System</TITLE><META></HEAD><BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EE" VLINK="#551A8B" ALINK="#CE2910">
<H1><FONT SIZE=6 COLOR=#FF0000>Chapter 12</FONT></H1>
<H1><FONT SIZE=6 COLOR=#FF0000>Overview of an Intranet Security System</FONT></H1>
<HR>
<P><CENTER><B><FONT SIZE=5><A NAME="CONTENTS">CONTENTS</A></FONT></B></CENTER>
<UL><LI><A HREF="#OverviewofanIntranetSecuritySystem">Overview of an Intranet Security System</A></UL>
<HR>
<P>If you think that you're completely safe from external threats, think again. Consider this: A government study found that the United States Pentagon's computers are attacked by hackers some 250,000 times a year, and that about 160,000 of those times the attacks are successful. In the successful attacks, data and software are read, stolen, modified, or destroyed. The attacks have cost the government hundreds of millions of dollars.
<P>If the Pentagon can be broken into, so can you. Intranets are vulnerable because of the openness of Internet technology. Look at it this way: There's a door between your intranet and the Internet that lets people inside an intranet go out onto the Internet to get information. That same door can let intruders from the Internet into your intranet.
<P>In addition to unauthorized external access that leads to attacks and theft, there are other security issues to worry about. It's not just people from outside the intranet who can pose security risks. People within the corporation on the intranet can pose problems as well. There is data within a company that requires restricted access, such as personnel records. Malicious mischief is not restricted only to people outside a company.
<P>Computer viruses can be brought into the intranet with an innocent-looking program picked up on the Internet. It can then infect the other computers on the intranet, damaging millions of dollars worth of hardware and software.
<P>There are ways to combat these problems.
Any intranet needs to have a comprehensive security system in place. In addition to considering the nature of the threats that require defensive measures, you must evaluate factors such as the size of the intranet and/or company, the value or confidentiality of the data, and how important an uninterrupted, operational intranet is to the company. Technology changes all the time, so the system needs to be constantly monitored and updated.
<P>Security systems are generically referred to as <I>firewalls</I>. Firewalls are hardware/software combinations that allow people from inside an intranet to access data on the Internet, but keep intruders from getting onto the intranet. In fact, firewalls are only one part of a comprehensive intranet security system.
<P>Routers play a major role in firewalls, and are important in any security system. Routers are the technology that lets people on the intranet connect to the Internet, and allows data from the Internet to get to users on the intranet. Because all data going to and from the Internet passes through routers, they're a logical place to put security measures. A variety of security measures can be used in concert with routers. The primary one is called <I>filtering</I> and is accomplished by <I>filtering routers</I>. What filtering routers do is quite simple. They examine every packet coming into and going out of an intranet. Based on a set of rules that a system administrator has established, the router will let some packets in (pass) and will keep other packets out (drop). For example, packets coming from specific users or specific networks can be blocked. Access to entire Internet resources, such as FTP, can be blocked if, for example, a system administrator fears a virus infection if file transfers were allowed.
<P>Proxy servers are another important tool in the fight for intranet security.
They allow people on an intranet to get to Internet resources, but the proxy servers act as a kind of go-between. In a system set up with a proxy server, this process can be invisible to the user making the request. The proxy server evaluates the request against an authorization database, and if the request is acceptable, the proxy contacts the Internet. The returning page also passes through the proxy server on its way from the Internet, and the proxy passes it to the person who requested it. In this way, the proxy server can keep a record of all transactions, and provides a trail to track any kind of attacks. Additionally, the proxy server can be used as a way to keep the intranet shielded from the Internet, because the only IP address going out to the Internet is that of the proxy server, so anyone trying to capture IP addresses for a spoofing attack (pretending to be a legitimate client) can't "see" the originating IP addresses.
<P>Another kind of server important for intranet security is a <I>bastion server</I>. A bastion server is configured especially to resist attacks. Frequently, it is put on its own subnetwork, known as a perimeter network. That way, if the bastion server is attacked and broken into, the intranet is still shielded; the only part compromised is the bastion server.
<P>Encryption and authentication systems are used to prevent unauthorized access to an intranet. Encryption can be used to protect data and passwords. Encryption depends on the use of secret and/or public keys. User names and passwords can be compromised fairly easily, allowing someone to masquerade as a legitimate user. Authentication systems expand on the basic "something you know" security provided by passwords to one that checks that there is "something you have" that is uniquely in your possession, a token of some sort. Encrypted digital signatures are created with keys that also are uniquely in your possession, so they can't be altered without such tampering being discovered.
Encrypted digital signatures help authenticate the sender of a message and protect against message tampering.
<P>Viruses are a major concern to anyone running an intranet. While the threat of viruses is undoubtedly overblown by the news media, the truth is that viruses are a problem and a potential danger. One way to solve the problem is to use traditional virus scanning and eradication software. This software runs on each user's computer, and allows people to check their computers for viruses, and to kill the virus if at all possible. But doing things that way depends on each user actually running the most up-to-date virus checkers, which doesn't always happen. A better solution is to run virus-checking software specifically designed for intranets. It runs on a server, and as files are sent to the intranet it checks them for viruses. If they're virus-free, it lets them through. If they appear to contain viruses, it blocks them.
<P>There is software that can block users from accessing objectionable sites, such as sites with violent or sexual content. On an intranet, server-based software that does this examines outgoing requests, such as the URL name and words contained in the header of the file. The software has a database of objectionable URLs and objectionable words. When it comes across a site that has an objectionable URL or objectionable word, it won't allow that request to be sent. It will also inform the user that the site is blocked. Since there are so many sites on the Internet, and so many more new ones being created each day, the database can be updated monthly. That way, even new sites will be blocked.
<P>Traffic monitoring is another method to maintain a secure intranet. This is software that sits on a server, and monitors all traffic between the Internet and the intranet. It can also monitor all traffic on the intranet itself. The intranet administrator can set rules and decide what kind of traffic to track.
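<P>As an added illustration, not from this book, of the filtering-router rule table described earlier (pass or drop by source network and service, with FTP blocked outright) and of a traffic monitor that records only the services the administrator chooses to track: a small Python packet filter with first-match rules and a default drop, run over constructed sample packets. The rule table, service list, and documentation-range addresses are assumptions made for the example.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Service names and well-known TCP ports (assumed for the example).
SERVICES = {"ftp": 21, "smtp": 25, "http": 80}
PORT_NAMES = {port: name for name, port in SERVICES.items()}
Packet = namedtuple("Packet", "src dst dport direction")  # direction: "in" or "out"

# Rule table as an administrator might write it: (action, direction,
# source network, service). First match wins; unmatched packets are dropped.
RULES = [
    ("drop", "in", "198.51.100.0/24", "any"),  # block a hostile network
    ("drop", "any", "any", "ftp"),             # no file transfers at all
    ("pass", "out", "any", "any"),             # insiders may reach the Internet
    ("pass", "in", "any", "http"),             # outsiders may reach the Web server
]

def matches(rule, pkt):
    _action, direction, net, service = rule
    if direction != "any" and direction != pkt.direction:
        return False
    if net != "any" and ip_address(pkt.src) not in ip_network(net):
        return False
    return service == "any" or pkt.dport == SERVICES[service]

def filter_packet(pkt, rules=RULES):
    """Return 'pass' or 'drop' for one packet; anything unmatched is dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "drop"

def monitor(packets, track=("ftp", "http")):
    """Log only the services the administrator tracks; returns (trail, counts)."""
    trail, counts = [], {}
    for pkt in packets:
        service = PORT_NAMES.get(pkt.dport, str(pkt.dport))
        if service not in track:
            continue
        action = filter_packet(pkt)
        trail.append((pkt.src, service, action))
        counts[(service, action)] = counts.get((service, action), 0) + 1
    return trail, counts

# Constructed sample traffic using documentation-range addresses.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "10.0.0.5", 80, "in"),  # hostile network: drop
    Packet("10.0.0.9", "203.0.113.2", 21, "out"),  # FTP out: drop
    Packet("10.0.0.9", "203.0.113.2", 80, "out"),  # Web out: pass
    Packet("203.0.113.2", "10.0.0.5", 80, "in"),   # Web in: pass
    Packet("203.0.113.2", "10.0.0.5", 25, "in"),   # SMTP in: default drop
]
```

Note that the last sample packet is dropped only because no rule matched it: the default-deny fallthrough is what keeps an unanticipated service from slipping through a gap in the rule table.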
The nature of the traffic is the area of concern when trying to assure yourself that only authorized users and services are involved.
<H2><A NAME="OverviewofanIntranetSecuritySystem"><FONT SIZE=5 COLOR=#FF0000>Overview of an Intranet Security System</FONT></A></H2>
<P>Any intranet is vulnerable to attack by people intent on destruction or on stealing corporate data. The open nature of the Internet and TCP/IP protocols exposes a corporation to attack. Intranets require a variety of security measures, including hardware and software combinations that provide control of traffic; encryption and passwords to validate users; and software tools to prevent and cure viruses, block objectionable sites, and monitor traffic.
<UL>
<LI>The generic term for a line of defense against intruders is a <I>firewall</I>. A firewall is a hardware/software combination that controls the type of services allowed to or from the intranet.
<LI>Proxy servers are another common tool used in building a firewall. A proxy server allows system administrators to track all traffic coming in and out of an intranet.
<LI>A <I>bastion server</I> firewall is configured to withstand and prevent unauthorized access or services. It is typically segmented from the rest of the intranet in its own subnet or <I>perimeter network</I>. In this way, if the server is broken into, the rest of the intranet won't be compromised.
<LI>Server-based virus-checking software can check every file coming into the intranet to make sure that it's virus-free.
<LI>Authentication systems are an important part of any intranet security scheme. Authentication systems are used to ensure that anyone trying to log into the intranet or any of its resources is the person they claim to be. Authentication systems typically use user names, passwords, and encryption systems.
<LI>Server-based site-blocking software can bar people on an intranet from getting objectionable material.
Monitoring software tracks where people have gone and what services they have used, such as HTTP for Web access.
<LI>One way of ensuring that the wrong people or erroneous data can't get into the intranet is to use a <I>filtering router</I>. This is a special kind of router that examines the IP address and header information in every packet coming into the network, and allows in only those packets that have addresses or other data, like e-mail, that the system administrator has decided should be allowed into the intranet.
</UL>
<HR>
</BODY></HTML>