On computer security

This pioneering guide to Internet and intranet security is the first to cover all of the relevant technologies in one comprehensive reference, and enhances the ability to create and deploy secure architectures. It gives users the knowledge needed for improved productivity, whether setting up commerce on line, assembling a firewall, or selecting access controls and cryptographic protocols to secure TCP/IP-based networks.

Foreword by Lars Knudsen Practical Intranet Security focuses on the various ways in which an intranet can be violated and gives a thorough review of the technologies that can be used by an organization to secure its intranet. This includes, for example, the new security architecture SESAME, which builds on the Kerberos authentication system, adding to it both public-key technology and a role-based access control service. Other technologies are also included such as a description of how to program with the GSS-API, and modern security technologies such as PGP, S/MIME, SSH, SSL IPSEC and CDSA. The book concludes with a comparison of the technologies. This book is different from other network security books in that its aim is to identify how to secure an organization's intranet. Previously books have concentrated on the Internet, often neglecting issues relating to securing intranets. However the potential risk to business and the ease by which intranets can be violated is often far greater than via the Internet. The aim is that network administrators and managers can get the information that they require to make informed choices on strategy and solutions for securing their own intranets. The book is an invaluable reference for network managers and network administrators whose responsibility it is to ensure the security of an organization's intranet. The book also contains background reading on networking, network security and cryptography which makes it an excellent research reference and undergraduate/postgraduate text book.

In the last 12 years, we have observed amazing growth of electronic communication. We have witnessed widespread implementation of computer-controlled transmissions encompassing almost every aspect of our business and private lives. Internet and Intranet Security Management: Risks and Solutions addresses issues of information security from the managerial, global point of view.

In the last 12 years we have observed amazing growth of electronic communication. From typical local networks through countrywide systems and business-based distributed processing, we have witnessed widespread implementation of computer-controlled transmissions encompassing almost every aspect of our business and private lives.Internet and Intranet Security, Management, Risks and Solutions addresses issues of information security from the managerial, global point of view. The global approach allows us to concentrate on issues that could be influenced by activities happening on opposite sides of the globe.

Government Secure Intranets presents the results of an international study group, which was appointed in the summer of 1998 under the auspices of the Board of the International Council for Technology in Government Administration (ICA), to explore the state of experience in government secure intranets, with a focus of respective experiences of the United Kingdom and Israel. The publication succinctly underscores the role that Internet and Intranet can provide as valuable new tools for new or enhanced services form government administration's standpoint and from citizen's viewpoint. The very aspects that make these services attractive are the very factors that make them vulnerable to being subverted: ease of availability, cross platform working and pertinent low cost. Practical experience from the UK and Israel have demonstrated that security devices do exist but these are only a partial solution. Security concerns can only be overcome with careful planning and strict enforcement, including the need to have a well designed Intranet architecture and a professionally managed service. The concept of a "front door" to government services provides the point of secure entry for citizens with a legitimate reason for access to government transactions or to information services without the direct access to government databases.

Many organizations encounter a common problem in their approach to intranet security: They treat intranets as an internal tool that is hidden deep in the corporate network and is somehow immune from external attacks. This is far from the truth, however. An intranet is basically a Web application exposed to a hostile environment the same way as the corporate Web site and therefore vulnerable to the same scope of threats. The fact that it is intended for employees and trusted parties doesn’t guarantee anything against hacker attacks, viruses, and spam. Failing to introduce a dedicated intranet security policy entails a range of risks associated with sensitive information leakage and data loss. For many organizations, safeguarding intranets is even more important than protecting their Web sites. Intranets usually contain extremely confidential assets crucial for both day-to-day activity and strategic business development. A successful attack may result in disruption of the organization’s operations, significant reputation damage, and infringement of legal regulations. To avoid unexpected embarrassment after launching an intranet, organizations must carefully evaluate the solution’s capability to cope with security issues. So, with the preceding in mind, this chapter provides information about all aspects of threats that affect intranet security. The chapter is intended for organizations that understand the changing nature of the threat landscape and what might be done to mitigate it.