April 5, 1999
From Server to Firewall: Multiple Layers of Intranet Security
By Steven L. Telleen
Q: Is a firewall the only security we need for our intranet?
A: Security requirements vary from one organization to the next, and among an organization's different kinds of content. For most intranets, more than a firewall is needed.
Security is not just about access. It also protects information from accidental or willful alteration or destruction. Most security experts say a security breach is more likely to come from a company's own staff than from outside. These may be disgruntled employees, or people after the thrill of breaking in. Either way, the highest risk is inside the firewall.
In the physical world we have layers of security: A bank has vaults, locks, guards, and alarms, and each covers the weaknesses of the others. Intranets have a similar layered approach. At the center is server security, and content is only as secure as the server on which it is stored.
Most commercial servers include a base level of operating-system and file-system security. Some servers require additional software to control access to server resources and files. These measures are like locks: Only those with keys can gain access.
The next level is software that monitors the OS logs, looking for suspicious activity. When a potential intrusion is detected, the software generates an alert. The response may be automatic, or a systems administrator may have to respond manually. The history recorded in the server logs can then be used to assess damage and plan corrective action.
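As an added illustration of this log-monitoring layer (not from the column), the following Python script scans constructed syslog-style authentication records, raises an alert when one source fails repeatedly and then logs in, and attaches that source's full event history so the administrator can assess what happened. The log format, hostnames, addresses and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of syslog-style authentication records (not from the column).
SAMPLE_LOG = """\
2024-01-15T02:14:05 intranet-srv sshd: Failed password for admin from 10.0.5.23
2024-01-15T02:14:09 intranet-srv sshd: Failed password for admin from 10.0.5.23
2024-01-15T02:14:12 intranet-srv sshd: Failed password for root from 10.0.5.23
2024-01-15T02:14:16 intranet-srv sshd: Failed password for admin from 10.0.5.23
2024-01-15T02:14:21 intranet-srv sshd: Failed password for admin from 10.0.5.23
2024-01-15T02:14:30 intranet-srv sshd: Accepted password for admin from 10.0.5.23
2024-01-15T02:20:01 intranet-srv sshd: Failed password for jdoe from 10.0.7.40
2024-01-15T08:01:44 intranet-srv sshd: Accepted password for jdoe from 10.0.7.40
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for "
                     r"(?P<user>\S+) from (?P<src>\S+)$")

def parse(log_text):
    """Return (timestamp, result, user, source) tuples in time order; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return sorted(events)

def detect_bruteforce(log_text, threshold=5, window_s=120):
    """Alert when one source has >= threshold failed logins inside window_s seconds and
    then succeeds. Each alert carries that source's full history for damage assessment."""
    by_src = defaultdict(list)
    for ev in parse(log_text):
        by_src[ev[3]].append(ev)
    alerts = []
    for src, events in by_src.items():
        fails = [ts for ts, res, _, _ in events if res == "Failed"]
        for i in range(len(fails)):
            j = i  # extend the window from failure i as far as window_s allows
            while j + 1 < len(fails) and (fails[j + 1] - fails[i]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                success = [ev for ev in events if ev[1] == "Accepted" and ev[0] > fails[j]]
                if success:
                    alerts.append({"source": src, "failures": j - i + 1,
                                   "user": success[0][2], "history": events})
                break
    return alerts
```

Running `detect_bruteforce(SAMPLE_LOG)` on the sample flags 10.0.5.23 (five failures, then a successful login as admin) while the single failure from 10.0.7.40 produces no alert.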
Alarm systems can be added to network routers to detect or block potential threats. These take the form of filters that scan the IP packets looking for suspicious patterns.
At the network's entrance is the firewall. Firewalls have controls requiring the proper keys, and often have filters that scan incoming packets. They may have a proxy server that hides the real IP addresses of users requesting resources outside the firewall.
Finally, vulnerability-scanning software run from outside the firewall tries the known attack techniques against the perimeter to find weak points. The security implementation should also be supplemented with regular process audits by an independent security expert.
Not every server or network segment needs the same security. One of the architectural considerations of an intranet should be the provision of areas where content requiring a high level of security can be placed.