Intranet security

Intranet Security BY Catherine Alexis CMPT 585- Computer and Data Security Professor: Dr Stefan Robila Intranet Security Table of Contents I. Abstract II. Definition III. Architecture (Fig1) Intranet Components IV. Introduction V. Security Within the Organization i.Physical Security ii.Domain Controller iii.Web Server iv.File Server v.Mail Server vi.Print Server vii.Application Server viii.Database Server ix.Security and Monitoring Server x.Workstations xi.Switches Security Components of the Intranet VI. Security Against the Extranet i.Routers ii.Firewall iii.DMZ iv.NAT Connection VII. Conclusion Page 3 3 3 4 4 4 4 4 4 4 5 5 5 5 5 7 7 7 8 8 9 Montclair State University 2 Catherine Alexis Fall2004 Intranet Security I. Abstract While much importance is given for protecting one’s data and confidential information from outside one’s boundaries little is talked about the risks involved inside the organization. Users inside an organization had direct physical access to confidential information and are well aware of the resource access controls. Hence securing the intranet from its trusted users becomes critical. Statistics show that 80% of all computer frauds is committed by internal end users. This paper briefly explains the definition and the architecture of the intranet and discusses the physical security of the intranet components and also security of the organizations data both from the internal users and also from the outside world (Internet). II. Definition The web defines intranet as a private network inside a company or organization, which uses software like that used on the Internet, but is for internal use only, and is not accessible to the public. Companies use Intranets to manage projects, provide employee information, distribute and share data and information. III. Intranet Architecture Fig 1- Showing the Intranet Architecture Montclair State University 3 Catherine Alexis Fall2004 Intranet Security IV. Introduction Fig 1 shows the various components in the Intranet Architecture and how each component is connected to various other components in the network. The security of each component physically as well as the policies and practices that make these components secure from within the organization and the components that protect the Intranet from the outside world (Internet) are analyzed and discussed in detail in the rest of this paper. V. Security within the Organization i. Physical security This security is easy to implement. The servers and network devices are protected in a safe room with security locks or swipe card access and only authorized personnel are allowed entry. On the overall the entire building is protected and guarded by a security guard. ii. Domain Controller Domain Controller is a concept used in the Microsoft, UNIX, and Linux operating systems whereby a user maybe granted access to a number of computer resources with the use of unique user name and password combination. It also takes care of IP address assignment for workstations and servers. This server is protected by the following  Creating domain security policy and implementing on the server. It means that only the administrator can access this server locally and remotely.  Installing antivirus software and definitions  Installing security patches and service pack  Disabling unwanted devices like USB device, parallel port device from the server. iii. Web server The organizations website is hosted on the web server. Internally it is protected from the users via folder rights. Only the administrator or the webmaster has the rights to change the contents of the website. It is protected from the external world by firewall and the DMZ network via web filter techniques. Symantec, MacAfee, checkpoint and etc can be used as web filter software to monitor and prevent hackers from destroying the web server. iv. File server All the user’s files are saved on this server. Usually it has three levels of security. (Personal single user access), group (department access) and public (access to all departments in the company). It is protected by antivirus software, through updated security patches, and by frequent backup. Access from outside the company is achieved through Virtual Private Network and protected through firewall and DMZ. As always the system administrator has full access to this server for maintenance and backup. v. Mail server The user’s emails are stored in some encrypted format in the mail server. Only the administrator has the rights to access and perform maintenance on the mail server locally or remotely. The users have access only to their email folders. The mail server is Montclair State University 4 Catherine Alexis Fall2004 Intranet Security protected from the outside through the firewall and DMZ network. The mail filter in the DMZ network filters spam and unwanted email attempts both from outside and from inside the organization. Example if the user from the inside sends a resume or unwanted emails or tries to visits pornographic websites it is blocked through the mail filter. The mail filter also scans email for viruses, worms and Trojan horses thus protecting the mail server and the user workstations. vi. Print Server This server networks all the printers within the organization. It monitors all activity and keeps a log. It is protected by regular antivirus software updates and security patch update. Only the administrator can access this system and do necessary changes. vii. Application Server This server holds all of the application software that are needed by the users. For example office, visio etc. The application software can be installed on the workstations by just mapping on to the application server. This provides for proper inventory and software license maintenance. viii. Database Server The database server holds the database software and the database files. It is protected by antivirus software and database security updates. I) Internal security Every database has several levels of security access. i. Administrator access rights- Can install database software and maintain the database server. ii. Programmer access rights- Limited to their programming needs. iii. Data entry access rights- read and write access to the database tables. iv. User access rights- read only access II) External security External access takes place through the VPN and is protected by the firewall and DMZ network. ix. Security and Monitoring Server Monitors all the components of the Intranet. It does intelligent updates of antivirus software, security patches and service packs on all the servers and workstations. For example if there is a service pack update from Microsoft it is installed on this server and is then pushed to all other severs and workstations. It also gives a detail report on the user activities on the workstation and administrative activities on the servers. x. Workstations The list below gives some suggestions for security measures that should generally be implemented on all workstations, whether new or existing. Further measures may be implemented as resources allow. This list only gives some starting points; it is not exhaustive. In addition, it only provides information on what to do, not how to do it. Montclair State University 5 Fall2004 Catherine Alexis Intranet Security 1. Password security is one of your best defenses. Use strong Administrator passwords — i.e. mix upper and lower case, numbers and special characters, and make long — with Windows 2000 you can go longer than 14 characters, which can have its advantages. 2. Default password and account policies are practically non-existent. Implement better user password and lockout policies — consider using passfilt or an alternative for password complexity, set a minimum password length and educate your users. 3. Never make ordinary users members of Administrator groups. 4. Check for copies of the SAM (Security Account Manager) that everyone can read and secure them (e.g. created by backup software.) 5. Turn on auditing and review your logs regularly. 6. If possible, implement the following registry key changes —    Restrictions for Anonymous Users LAN Manager Authentication Level Send Unencrypted Password to SMB Servers 7. Where time permits, review NTFS permissions and tighten file system security (particularly on WinNT; Win2000 is better.) 8. Review Share permissions. 9. Disabled default “Guest" Username. 10. Confirm that non-common passwords are on every user account. Consider noncommon user names also. 11. The Administrator Account cannot be disabled. 12. Be careful with permissions. Do not use Guests, Everyone or other unauthenticated users. The everyone group contains people you don't know. Guests, if the account is enabled users from other "trusted" domains can gain access. It is indeed better to set up permissions with "Domain Users" or even "Authenticated Users". Everyone is a wide-open special group that you have very little control over. 13. Disable file/printer sharing for TCP/IP and use only printer and file server. 14. When file sharing is necessary, restrict scope and time available. Turn off when not necessary 15. Review Installation and Boot Process in Event Viewer 16. Set Event Viewer Log Size and Wrap Setting 17. Disable Unnecessary Services 18. Set proper Paging File Sizing and Placement. 19. Keep operating system security hot fixes up to date (but take care and back up before applying them.) Montclair State University 6 Catherine Alexis Fall2004 Intranet Security 20. Apply security patches to other major software e.g. IIS, SQL Server, Exchange, Virus and etc xi. Switches A network switch is a device that joins multiple computers together at a low-level network protocol layer. Technically, network switches operate at layer two (Data Link Layer) of the OSI model. Network switches look nearly identical to hubs, but a switch generally contains more "intelligence" (and a slightly higher price tag) than a hub. Unlike hubs, network switches are capable of inspecting the data packets as they are received, determining the source and destination device of that packet, and forwarding that packet appropriately. By delivering messages only to the connected device that it was intended for, network switches conserve network bandwidth and offer generally better performance than hubs. A network switch offers differing port configurations starting with the four- and five-port models, and support 10 Mbps Ethernet, 100 Mbps Ethernet, 1 GB Ethernet or ALL. VI. Security Against The Extranet i. Routers A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done through routers. A router is often included as part of a network switch. Routing is a function associated with the Network layer (layer 3) in the standard model of network programming, the Open Systems Interconnection (OSI) model. A layer-3 switch is a switch that can perform routing functions. An edge router is a router that interfaces with an asynchronous transfer mode (ATM) network. A brouter is a network bridge combined with a router. For home and business computer users who have high-speed Internet connections such as cable, satellite, or DSL, a router can act as a hardware firewall. This is true even if the home or business has only one computer. Many engineers believe that the use of a router provides better protection against hacking than a software firewall, because no computer Internet Protocol address are directly exposed to the Internet. This makes port scans (a technique for exploring weaknesses) essentially impossible. In addition, a router does not consume computer resources as a software firewall does. Commercially manufactured routers are easy to install, reasonably priced, and available for hard-wired or wireless networks. ii. Firewall The term "Firewall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. The Internet is a volatile and unsafe environment when viewed from a computer-security perspective therefore "Firewall" is an excellent metaphor for network security. Some of the very Montclair State University 7 Catherine Alexis Fall2004 Intranet Security famous commercial products available are Checkpoint firewall, Cisco Pix firewall, Nokia Firewall and Symantec firewall. Firewall can be configured by the administrator using security policy option in it to block traffics like FTP, HTTP, TCP/IP ports and protocols depending on the requirement. Some of the enterprise version of the firewall provide options to filter and block Trojans. Adwares, spamware and spyware. iii. DMZ Zone Short for demilitarized zone, is a computer or a small sub network that sits between a trusted internal network, such as a corporate private LAN, and an un trusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers. The term comes from military use, meaning a buffer area between two enemies. iv. NAT Connection Network Address Translation (NAT) is a network standard that enables a local area network (LAN) to use one set of IP addresses for intranet traffic and a second set of addresses for external traffic (Extranet Traffic). All necessary IP address translations occur where the LAN interfaces with the broader Internet. NAT converts the packet headers (and in some cases the port numbers in the headers) for incoming and outgoing traffic and keeps track of each session. This does mean, however, that NAT overrides "Internet transparency", a practice in which packets remain intact throughout their transmission. NAT is also provided with Windows Internet Connection Sharing. NAT accomplishes these key purposes:   It acts as a firewall by hiding internal IP addresses. It enables an enterprise to use more internal IP addresses, since there is no possibility of conflict between its internal-only IP addresses and those used by other organizations. Essentially, an organization can present itself to the Internet with fewer IP addresses than used on its internal network, which conserves public IP addresses. It allows an enterprise to bundle multiple ISDN/T1 connections into one Internet connection.  Montclair State University 8 Catherine Alexis Fall2004 Intranet Security VII. Conclusion All the security features and policies described in this paper are some of the preventive measures that must be taken to protect an organization from the disaster of losing its valuable information. Apart from having all these policies and security features it becomes necessary to educate the users about the value of the information because security frauds often happen because of neglect and lack of knowledge of the user about the importance of securing of information. By securing the Intranet the organization can o Minimize potential economic loss o Decrease potential exposures o Ensure organizational stability o Provide an orderly recovery o Minimize insurance premiums o Reduce reliance on certain key individuals o Protect the assets of the organization o Ensure safety of personnel o Minimize decision-making during a disastrous event o Minimize legal liability Montclair State University 9 Catherine Alexis Fall2004