Saturday, July 6, 2013

What potential security problems do you see inthe increasing use of intranets and extranets in business?What might be done tosolve?Give Several exmp

Question - What are the Potential Security Problems Resulting from Increased use of Intranet and Extranet



Answer



The Intranet and Extranet technologies offer business organizations many advantages aimed at the efficient sharing of information and data. An Intranet is generally limited to an organization’s employees. Typical use might involve providing access to a certain division or category of employees on an as-needed basis. An Extranet seeks to achieve a similar goal, only the users might be limited to outsiders such as customers, suppliers, or clients.



The inadvertent disclosure of key information can be equally disastrous regardless of whether an Intranet or Extranet program is compromised. The following are examples:



Key In-house Information


Personnel Files & Decisions


Employee Salaries


Employee Disciplinary Status


Pending Labor Decisions



Key Customer/Client/Supplier Information


Credit Card Account Numbers


Personal Health Matters


The Status of Legal Matters


Proprietary Secrets



Ideally, an organization would be cognizant of potential worst case scenarios and proceed accordingly. Pre-Intranet or Extranet development should, at minimum, consider the following questions



  • What unintended disclosure would damage the company’s credibility with regard to maintaining employee privacy?

  • What company secrets would give competitors a substantial advantage?

  • Which long term plans should or should not be available to employees?

  • Which inadvertent disclosures would destroy company credibility with customers, clients or suppliers?  


No system is completely invulnerable to a dedicated hacker. However, once an organization identifies potential risks, steps should be taken to minimize those risks. Below are a few actions that may be taken:



User-to-Host Authentication - Provide users with authorized access and prevents access to by all others.



Host-to-Host Authentication – Filters access from outside computers, allowing only those pre-determined to be safe. 



User-to-User Authentication: - Limits access to users that can prove their identity



The above precautions are accomplished through:


Monitoring your employees


Firewalls configuration


Partitioning - access control per user.


Encryption

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)