Internet vs Intranet

Many companies have adopted Internet protocols for their local-area networks; these `Internist' may or may not connect to the Internet. By restricting Intranet access to company personnel only, some of risks described below are decreased. You must keep in mind, however, that threats exist inside the company as well as outside; and normal computer security procedure and personnel screening are still necessary.

Word-wide access vs propiertary information. Unless your company is running a completely closed network, you must assume that anything published on the Web can and will be accessible to the world. The UNIX operating system that controls most network servers is insecure by design, and recent attempts to overlay protection have been only partially successful. Password and user authorisation schemes in Web pages stop the casual Web surfer, but they will not stop the CGI scripts and other programs that search the Internet for specific kinds of information. A recent trend toward dynamic Web pages (created only when the user passes the authorisation routine) provides some relief. In general, if your information is business sensitive, don't make it accessible on the Internet.

Many companies use `firewalls' to protect their internal networks from unwanted external penetration. The firewall is a piece of software that intercepts all incoming and possibly outgoing transmissions. It accepts or rejects the transmission based on an approved list of Internet services. Many firewalls are programmed to allow all e-mail traffic through, but to reject FTP and Telnet requests. In effect, the company picks and chooses which Internet services to allow based on its business needs and risk tolerance. Like any piece of network software, a firewall can be defeated by clever hackers.

Security of transmitted responses. The growth of electronic commerce on the Internet has created a profusion of line catalogues, some allowing you to complete an electronic order form. When the form is transmitted back to the vendor, the data is not encrypted or protected to ensure provacy. Since the information may be transmitted through many network nodes, there is always the chance that it will be intercepted by an unintended receiver.

Recent attempts to add encryption to the Internet have suffered from technical failure (as in the case of public key encryption schemes) and government resistance. such resistance is exemplified by the demand for a `Clipper' chip that allows law enforcement eavesdropping and export ban on the privately developed `Pretty Good Protection' encryption scheme (which was good enough to defeat government attempts to crack it!).

With a few identification numbers, an individual can tap into extensive marketing databases and learn about someone else's financial and personal history. if they also have a credit card number, they can transact business in someone else's name and disappear. until encryption becomes the rule, it is inadvisable to ask for credit card numbers, social security numbers, and other personal information from your Web page. In addition to being a courtesy to your audience, it also protects your company from losses due to fraudulent electronic transactions and potential third-party liability for such disclosures.

Help systems vs. HTML. The simplicity, flexibility, and universality of HTML make it a strong candidate for use in building computer-based training (CBT) and help systems. HTML competes with existing authoring packages and help-file creation software, offering lower cost and potentially wider distribution while sacrificing some advanced features and the familiar `look and feel' of existing help systems. Companies that use the Internet or other wide-area networks to maintain communication among geographically diverse offices and companies that don't have an existing investment in other help systems or CBT technology may find the use of HTML and the Web particularly attractive.

Technorati Tags: internet