 Part 1: Intranets
 Philosophy
Structure
Part 2: Intranet Installation
Basic Network Configuration
Server
Client
Publishing Applications
Security
Conclusion
References
|
Security should be the primary concern in planning and implementing your Intranet. Many aspects to an effective security policy should be based on the user behaviour, user access needs, passwords and network vulnerabilities. These aspects focus on the education of the library staff. Training of staff is not unusual in the library environment therefore, useful instruction about the Intranet and its importance could ensure that the Intranet is not compromised by any of the staff's actions. Breeding (1997) isolated several characteristics that prevail in libraries and are vulnerable to corruption either from malicious attack or accidental destruction: networked based computing, UNIX servers for an Integrated Library System (ILS), file servers, connectivity to campus and corporate networks, and connectivity to the Internet. Breeding suggests that the connecting devices can provide the needed security depending on its intent and application. Breeding basically follows the hierarchical development of network devices from the least effective to the impenetrable.
The hub, especially 10BaseT hubs have advanced features that do not allow packet sniffing or eavesdropping of the network's lines. Sniffing can be solved through two means according to Breeding; encryption and the strict control of network traffic. These devices deal with the control of the network solution. The next device above that of the hub in terms of security is the router. The router divides the network into segments or subnets, basically separating the network into areas for public and private usage. The device to follow the router is the switch or switched Ethernet hubs. Swithches have multiple ports that in effect treat each port as a separate segment in the network. Therefore, sniffing of the network traffic becomes a very difficult task because there is only one line of packet transmission. Asynchronous Transfer Mode (ATM) operates in a different manner from that of Ethernet. "All data packets are broken into fixed size cells and switching technology is used to set up virtual circuits between senders and receivers on the network" (Breeding, 1997, 17). In an ATM network sniffing no longer becomes a possibility. "When libraries connect directly to the Internet, or gain access to the Internet via their Intranets a firewall can be used to protect an organization's networks from intruders on the Internet" (Breeding , 1997, 19). Firewalls deal only with specific protocols and it is most often the Internet Protocol (IP). Many questions regarding Firewalls can be answered at Ranum's FAQ site (1995) and Cox's [(a), (b)] (1996) articles which discuss the construction of firewalls and the types of firewalls available. Cox also examines the platforms for firewall servers if that is viewed as the best solution to your Intranet needs. Access control is also an issue that Cox addresses and this is reiterated by Fore's (1997) sentiments about authentication and access control. Fore lists a selection of useful tools related to computer security in a UNIX setting. Pfleeger (1997) suggests that networks, because of their vulnerability, should also incorporate encryption into the Intranet policy plan. Encryption is an extremely powerful tool for providing privacy, authenticity, integrity, and limited access to data. Pfleeger describes two types of encryption, link and end-to-end.
In link encryption, data is encrypted just before the system places it on the physical communications link. In this case, encryption occurs at layer 1 and 2 in the OSI model. A similar situation occurs with the TCP/IP protocols. Decryption occurs just as the communication enters the receiving computer. (Pfleeger, 1997, 406)and ;End-to-end encryption provides security from one end of a transmission through the other. The encryption can be applied by a hardware device between the user and the host. Alternately, the encryption can be done by software running on the host computer. In either case, the encryption is performed at the highest levels (layer 7, application, or perhaps at layer 6, presentation) of the OSI model. (Pfleeger, 1997, 407)Some Intranet search engines come with security features. Fulcrum Surfboard's "software incorporates security features that limit access based on current firewall specifications or other security needs" (Zorn, 1997, 40). The freeware ht://Dig developed at San Diego State University has "An interesting security feature...is its ability to search a protected server when the password is given" (Zorn, 1997, 38), a plus for any Intranet installation.
|
Part 1: Intranets
Philosophy
Structure
Part 2: Intranet Installation
Basic Network Configuration
Server
Client
Publishing Applications
Security
Conclusion
References
|