Corporate networks and the Internet: how much security is enough?

Real Estate Weekly, Sept 15, 1999 by William Dougherty

An increasing number of today's computer users are finding that they require Internet connectivity to perform various business functions. Almost always, the first question they ask is, "is it safe?" The answer is not a simple one. Increasingly, our time in network consulting is spent developing security solutions. We offer the following as a primer on Internet/LAN connectivity and security.

When computers talk over a network, they use special languages or "protocols" to communicate. The protocol in use on the Internet is Transmission Control Protocol/Internet Protocol (TCP/IP). On top of TCP/IP are a host of other higher-level protocols used for things such as e-mail, Web browsing, FTP, Push technologies, and even video and video conferencing. The downside to all this communication is that with the new openness also comes exposure to risk. How then do we enable these new communications without unduly risking theft, vandalism or destruction of our corporate data?

Typically, a LAN connects to the Internet through a single connection. This connection is in the form of a router. The router is a device that has one connection to the LAN and another to the Internet Service Provider (ISP).

One way of defending against unauthorized access is by using router-based packet filtering. Packets are the pieces of data coming into or going out of a LAN. These packets are usually a small part of the overall communication. For instance, an e-mail message sent from a computer on a LAN to another computer on the Internet will likely be broken down into several small packets. These packets are then sent to the destination host, where they are then reassembled into the original message.

Packet filtering consists of a set of rules that either grant or deny access to or from a network based on simple features of the packet itself. Packet filtering can defend against certain kinds of simple attacks, but most security schemes do not utilize it as the primary means of perimeter defense.

Today's networks are more commonly protected by more sophisticated devices called "firewalls." A firewall is usually a computer running special software. Most of today's firewalls employ a technique called application proxying. When a request for a connection comes to a firewall, it inspects the request to find out if the packet is considered a valid request. If so, it then initiates a communication on behalf of the requesting machine. When the firewall receives a response, it passes the response along to the original requesting machine.

For example, a user sitting at her desk wants to look at a site on the World Wide Web. That user starts her browser software and types in a Uniform Resource Locator (URL) or web address. The browser software sends a request for that web site to the firewall. Depending on how the firewall is configured, it can then determine whether that user or even that computer has permission to browse the web.

If permission is granted, the firewall then makes the request to the particular web site on behalf of the requesting client. This effectively hides the original user's machine from anyone who might be listening to that traffic on the Internet. When the web site sends back the requesting pages, the firewall accepts them and then forwards the information to the original requester.

While firewalls are often used to limit the internal user's access to the Internet, its more important role is in protecting the internal network from unauthorized access. This access can range in kind from simple eavesdropping to actual data manipulation. A company must ask itself how important it is to avoid each of these types of activities.

It is estimated by the Computer Emergency Response Team (CERT), an international organization dedicated to network security, that most unauthorized accesses go undetected by those managing the victim network. Keeping your data private and undisturbed can be done by means of implementing a security plan which includes an Internet firewall.

Most firewalls have early warning systems. If the firewall detects someone trying to probe it for weaknesses, it can generate an alert to the appropriate systems administrator to take note. Additionally, a firewall can log every single activity that takes place across it. While no perimeter defense can truly be called 100 percent secure, today's firewalls are in most cases strong enough to deter all but the most determined hack attempt.

If the Internet is in your future, avoid potential problems by making the connection a secure one.