Databases Reference
new technologies, address current risk levels, and reflect the company's
use of information and network and computing resources.
There are four basic threats to consider when you begin to use Internet,
intranet, and Web technologies:
• Unauthorized alteration of data
• Unauthorized access to the underlying operating system
• Eavesdropping on messages passed between a server and a browser
• Impersonation
Your security strategies should address all four. These threats are
common to any technology in terms of protecting information. In the remainder
of this chapter, we will build upon the “general good security practices and
traditional security management” discussed in the first section and apply
these lessons to the technical implementation of security and control
mechanisms in the Internet, intranet, and Web environments.
The profile of a computer hacker is changing with the exploitation of
Internet and Web technologies. Computerized bulletin board services and
network chat groups link computer hackers (formerly characterized as
loners and misfits) together. Hacker techniques, programs and utilities, and
easy-to-follow instructions are readily available on the net. This enables
hackers to more quickly assemble the tools to steal information and break
into computers and networks, and it also provides the “would-be” hacker
with a readily available arsenal of tools.
INTERNAL/EXTERNAL APPLICATIONS
Most companies segment their networks and use firewalls to separate
the internal and external networks. Most have also chosen to push their
marketing, publications, and services to the public side of the firewall
using file servers and web servers. There are benefits and challenges to
each of these approaches. It is difficult to keep data synchronized when
duplicating applications outside the network. It is also difficult to ensure
the security of those applications and the integrity of the information.
Outside the firewall is simply outside, and therefore also outside the
protections of the internal security environment. It is possible to protect
that information and the underlying system through the use of new
security technologies for authentication and authorization. These techniques
are not without trade-offs in terms of cost and ongoing administration,
management, and support.
Security goals for external applications that bridge the gap between
internal and external, and for internal applications using the Internet,
intranet, and WWW technologies should all address these traditional security
controls: