A few people are still trying to figure out what an intranet is; others wonder if they made a bad purchasing decision by installing Lotus Notes a month ago instead of waiting for Web-based groupware to mature; still others wonder which tools and architecture to use for a Web-based application, while some are lab-testing virtual private networks to discover whether they can reduce leased-line costs while still providing the same level of service. Whatever tops IS managers' Internet to-do list, security should be a common and top-level concern.
Security, like lima beans, is one of those things that's good for you but hard to swallow. If you're motivated by fear, there's no shortage of scare stories to make you want to serve those security lima beans to every one of your users. Take the August attack on the Department of Justice Web site. Or the entertainment company that fends off hundreds of attacks on its Web site every day. Few organizations want to publicize their break-ins, because no one wants to make a career out of advertising mistakes or carelessness. Bragging about security measures isn't popular either, because no one wants to inadvertently issue a challenge to a would-be hacker.
There's no better time to examine your organization's security policies and practices. Although the allure of a technology solution is always strong to the IS person who is motivated by technology, the biggest part of security is administrative. Security is policy, awareness and enforcement. Examine the security health of your entire network, from user to CIO, from within the corporation as well as from outside. And keep in mind that security is not a one-time project: it requires constant vigilance to notice hacking attempts, successful or not, when they happen.
Accessible Means Insecure
While you're securing the perimeter and the inside of the network, pay particular attention to your new (or forthcoming) intranet. An intranet is all about making information easily accessible to those within your organization as well as to your business partners and customers. It's hard to find information on client/server networks because users have to know on which server and in which directory the data resides, and they must have the same application as the creator of the data. That confusion provides a level of security, though only through obscurity, which is no substitute for real access controls. Easily navigated intranets promise to change all that.
Remember the adage that says the biggest threat to your corporate information comes from your employees, not outside hackers? It's doubly true for intranets. While you may be focused on ensuring that your business partners access exactly what they need and nothing more, your employees are the ones who know which information is valuable and how to get at it. (Worst case, they also know which competitor would buy it.)
Now you have your mainframe data published through a Web server, and anyone with a browser who holds, or has managed to obtain, the right permissions has direct access to your most critical business systems. Your organization's product pricing information and inventory levels are easily available, and without the right security, they are available to those who have no need to know them. Intranets and need-to-know can seem to be at cross-purposes, which is why the access-control policy for each published resource has to be written down and enforced before the data goes on the Web server, not after.
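To make the need-to-know point concrete, here is an added example (not code from the original column) of the kind of deny-by-default authorization check a Web server front end to mainframe data should apply: every published resource gets an explicit list of who may read or change it, anything not on the list is refused, and refusals are recorded so that someone can watch for probing. The roles, resource names and the access-log lines it runs over are constructed for the illustration.

```python
"""Deny-by-default, need-to-know authorization for data published
through an intranet Web server.

Added illustration for this column, not code from the original page.
The roles, resource names and request lines below are constructed."""

from dataclasses import dataclass, field
from enum import Flag, auto


class Action(Flag):
    READ = auto()
    WRITE = auto()


# HTTP methods map onto the two actions the policy governs.
METHOD_ACTION = {"GET": Action.READ, "HEAD": Action.READ,
                 "POST": Action.WRITE, "PUT": Action.WRITE, "DELETE": Action.WRITE}


@dataclass(frozen=True)
class Grant:
    role: str
    resource: str
    actions: Action


@dataclass
class Policy:
    """A tuple of explicit grants; anything not listed is refused."""
    grants: tuple
    denied: list = field(default_factory=list)  # audit trail of refusals

    def allowed(self, user, roles, resource, action):
        """True only if some role the requester holds has an explicit grant
        covering this resource and action.  Refusals are recorded."""
        for g in self.grants:
            if g.role in roles and g.resource == resource and action in g.actions:
                return True
        self.denied.append((user, resource, action))
        return False


# Hypothetical policy for the pricing and inventory data the column worries
# about.  There is deliberately no catch-all "employee" grant.
POLICY = Policy(grants=(
    Grant("sales", "pricing", Action.READ),
    Grant("pricing-analyst", "pricing", Action.READ | Action.WRITE),
    Grant("warehouse", "inventory", Action.READ | Action.WRITE),
    Grant("partner", "catalog", Action.READ),
))


def parse_request(line):
    """Parse a constructed access-log line: 'user role1,role2 METHOD /resource/...'.
    The first path segment names the published resource."""
    user, roles, method, path = line.split()
    if method not in METHOD_ACTION:
        raise ValueError("unsupported method %r" % method)
    resource = path.strip("/").split("/")[0]
    return user, frozenset(roles.split(",")), METHOD_ACTION[method], resource


def decide(lines, policy=POLICY):
    """Return {request line: allowed?}; refusals accumulate in policy.denied."""
    result = {}
    for line in lines:
        user, roles, action, resource = parse_request(line)
        result[line] = policy.allowed(user, roles, resource, action)
    return result


# Constructed sample traffic: a salesperson, a warehouse clerk, a business
# partner and an employee with no specific role.
SAMPLE_REQUESTS = [
    "alice sales GET /pricing/widget-a",
    "alice sales PUT /pricing/widget-a",
    "bob warehouse POST /inventory/bin-12",
    "bob warehouse GET /pricing/widget-a",
    "carol partner GET /catalog",
    "carol partner GET /inventory/bin-12",
    "dave employee GET /pricing/widget-a",
]

if __name__ == "__main__":
    for line, ok in decide(SAMPLE_REQUESTS).items():
        print("ALLOW" if ok else "DENY ", line)
    print("%d refused requests recorded" % len(POLICY.denied))
```

Two design points are worth noting. The check is keyed on the published resource, not on the user, so adding a new report to the Web server forces someone to decide who may see it; and because "dave" holds only the generic employee role, his request for pricing is refused even though he is an insider, which is exactly the distinction the intranet blurs.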
Once your security policies are set, you must weave a patchwork of security protocols that operate at different layers into a single security blanket. Most technology solutions involve encryption, which, if it is sufficiently strong, is subject to export restrictions and, closer to home, demands considerable processing power. At the application layer, Web servers offer Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (S-HTTP) for encrypted transactions. At the network layer, IPsec will let you carry encrypted IP over the Internet to build virtual private networks among your offices (response-time problems being resolved, of course) so that you can forgo expensive leased-line connections; RSA Data Security, along with many other vendors, is running a trial of IPsec in its S/WAN effort. On the dial-in side, Microsoft is proffering the Point-to-Point Tunneling Protocol (PPTP), which tunnels encrypted PPP sessions to Windows NT servers. Pay close attention to intranet security and define your solution carefully and with the right tools. An intranet and its attendant applications that are built with both eyes on security will provide a feast of corporate information that's readily available to the right users at any time.
Patricia Schnaidt can be reached at pschnaidt@nwc.com.