Securing the intranet
By Adesh Rampat
Many companies have set up an intranet that provides Web-style company information for employees. Procedure manuals and online knowledge sharing can be made possible through the intranet. However, having information on the intranet can also present some security risks. The following examines some of the risks involved:
- Information is shared on the intranet from various servers located within the organization. The network administrator should make sure that proper security permissions are assigned to the folders so that users who will be accessing the information can get to it. In some instances, depending on the information being presented, the users can be allowed to copy the files onto their hard drives but not allowed to copy back on to the server.
- All shared folders should be hidden to prevent any user from being tempted to scan through the folders.
- Information available to the intranet is for the company's employees at large. Before any information is posted, the confidentiality of such information should be investigated. If information with a certain level of confidentiality should be posted, then passwords to the page should be assigned.
- The server that is hosting the Web page should have the latest security service packs installed, especially where IIS is concerned.
- If CGI scripting is to be used, the network administrator should ensure that proper security
- permissions are in place. This is because CGI scripts may intentionally or unintentionally leak information about the host system that can result in a break in.
Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off. Or visit our tips page to rate this tip, or submit one of your own.
Practical Guide to Implementing Secure Intranets and Extranets
Author : Kaustubh M. Phaltankar
Publisher : Artech House
ISBN/CODE : 0890064474
Cover Type : Hard Cover
Pages : 428
Published : Dec. 1999
This invaluable book provides hands-on methodology for designing effective network-level security systems for your corporate intranet or extranet. Using real-world examples and referencing the latest intranet and extranet technology, this essential guidebook for IT professionals shows how to configure network and security elements such as routers, switches, servers and firewalls to achieve top-notch security.
This was first published in June 2001