Question - What are the Potential Security Problems Resulting from Increased Use of Intranet and Extranet?
The Intranet and Extranet technologies offer business organizations many advantages aimed at the efficient sharing of information and data. An Intranet is generally limited to an organization’s employees. Typical use might involve providing access to a certain division or category of employees on an as-needed basis. An Extranet seeks to achieve a similar goal, only the users might be limited to outsiders such as customers, suppliers, or clients.
The inadvertent disclosure of key information can be equally disastrous regardless of whether an Intranet or Extranet program is compromised. The following are examples:
Key In-house Information
- Personnel Files & Decisions
- Employee Disciplinary Status
- Pending Labor Decisions
Key Customer/Client/Supplier Information
- Credit Card Account Numbers
- Personal Health Matters
- The Status of Legal Matters
Ideally, an organization would be cognizant of potential worst-case scenarios and proceed accordingly. Pre-Intranet or Extranet development should, at minimum, consider the following questions:
- What unintended disclosure would damage the company’s credibility with regard to maintaining employee privacy?
- What company secrets would give competitors a substantial advantage?
- Which long-term plans should or should not be available to employees?
- Which inadvertent disclosures would destroy company credibility with customers, clients or suppliers?
No system is completely invulnerable to a dedicated hacker. However, once an organization identifies potential risks, steps should be taken to minimize those risks. Below are a few actions that may be taken:
User-to-Host Authentication - Provides users with authorized access and prevents access by all others.
Host-to-Host Authentication - Filters access from outside computers, allowing only those pre-determined to be safe.
User-to-User Authentication - Limits access to users that can prove their identity.
The above precautions are accomplished through:
Monitoring your employees
Partitioning - access control per user.
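The following is an added example, not part of the original answer, showing how host-to-host filtering, user-to-host authentication, per-user partitioning and monitoring can be combined in a single access decision. The network ranges, user names, passwords and partition names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, os

# Constructed sample data: networks, users and partitions are hypothetical.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16"),    # intranet hosts
                ipaddress.ip_network("203.0.113.0/28")]  # supplier extranet hosts

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash so stored credentials are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password: str, partitions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "partitions": partitions}

USERS = {"hr_anna": _user("constructed-pass-1", {"personnel"}),
         "supplier_bob": _user("constructed-pass-2", {"orders"})}

AUDIT_LOG = []  # monitoring: every decision, granted or denied, is recorded

def authorize(src_ip: str, user: str, password: str, partition: str) -> bool:
    """Return True only if the host, user and partition checks all pass."""
    def decide(ok: bool, reason: str) -> bool:
        AUDIT_LOG.append((src_ip, user, partition, reason))
        return ok
    # Host-to-host: only pre-approved networks may connect.
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return decide(False, "host-not-allowed")
    if not any(addr in net for net in TRUSTED_NETS):
        return decide(False, "host-not-allowed")
    # User-to-host: hash the supplied password and compare in constant time.
    rec = USERS.get(user)
    salt = rec["salt"] if rec else b"\x00" * 16  # hash even for unknown users
    candidate = _hash(password, salt)
    if rec is None or not hmac.compare_digest(candidate, rec["hash"]):
        return decide(False, "bad-credentials")
    # Partitioning: a user reaches only the partitions assigned to them.
    if partition not in rec["partitions"]:
        return decide(False, "partition-denied")
    return decide(True, "granted")
```

Reviewing AUDIT_LOG for repeated "bad-credentials" or "partition-denied" entries from one source is where the monitoring step pays off.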