What potential security problems do you see in the increasing use of intranets and extranets in business?

Answer 1

As the use of Intranets and Extranets has grown, so has the need for security. Intranet and Extranet security breaches can take a variety of forms. For example, (!) An unauthorized person, such as a contractor or visitor, might gain access to a company’s computer system. (!) An employee or supplier authorized to use the system for one purpose might use it for another. For example, an engineer might break into the HR database to obtain confidential salary information. (!) Confidential information might be intercepted as it is being sent to an authorized user. For example, an intruder might attach a network sniffing device to the network. While sniffers are normally used for network diagnostics, they can also be used to intercept data coming over the wire. (!) Users may share documents between geographically separated offices over the internet or Extranet, or telecommuters accessing the corporate Intranet from their home computer can expose sensitive data as it is sent over the wire. (!) Electronic mail can be intercepted in transit.

Fortunately, there are a variety of techniques available to address these security holes within Extranets and Intranets. Keep in mind five fundamental goals of a security system: Privacy, Authentication, Content Integrity, Non-repudiation, and Ease-of-use, a set of technologies have been developed over the past fifteen years that are particular well suited to meeting these five security goals. Broadly called Public Key Infrastructure (PKI), this technology allows organizations using open networks, such as TCP/IP Intranets and Extranets, to replicate or even improve on the mechanisms used to ensure security in the physical world. Envelopes and secure couriers are replaced with sophisticated methods of data encryption, which can ensure that messages are only read by their intended recipients. Physical signatures and seals are replaced with digital signatures which, in addition to ensuring that messages came from a particular entity, can also ensure that message was not altered by as much as one bit during transit. Identity documents, such as passports, employee ID cards, and business licenses, can be replaced with digital certificates (also known as Digital IDs). Finally, the various mechanisms for centralized control, audit, and authorization, such as those provided by corporate governance structures, industry boards, or trusted third parties such as Accountants, can be replicated in the digital world through the infrastructure used to managed encryption, digital signatures, and Digital IDs.