Module 13: Internetworking and Intranetworking
It is possible to integrate a corporate intranet
with the Internet. Both can be supported by the same network system. The following security
implications should be considered before attempting to integrate an intranet with the
Internet.
- Maintain data that is downloaded to an intranet
site separately from information distributed over the Internet.
- Usually, intranet sites are casual and informal,
while Internet sites generally reflect the public image of the organization.
- It may not be advisable to grant full intranet
access to Internet users.
- Using Internet Information Server (IIS) and Peer Web Services (PWS) makes it possible to publish
information or services (Web pages, interactive applications) and to post and track
databases on the Web.
- They support the Internet Server Application
Programming Interface (ISAPI). This is used to create interfaces that can be used for
client/server applications.
IIS and PWS are network file and
application servers that use:
- HTTP, which is used to create and navigate Web hypertext
documents and applications.
- Gopher service, a hierarchical system used to
create links to other computers or services, to put these links into custom menus, and to
annotate files and directories.
- FTP, which is used to transfer files between two
computers on a TCP/IP network.
| IIS | PWS |
|---|---|
| Any computer running Windows NT Server | Any computer running Windows NT Workstation |
| Supports heavy usage | Used for a small-scale Web server or an individual |

Both can use Performance Monitor and Event Viewer.
Key features that IIS and PWS provide for a computer running Windows NT

| Feature | Use this feature to |
|---|---|
| File publication | Publish existing files from Windows NT |
| Network management | Monitor and record network activity and provide clients with access to valuable network resources such as HTML pages, shared files and printers |
| Security | Provide clients with secure access to Internet and intranet resources |
| Support for common Internet standards | Enable development of Web applications using languages such as CGI (Common Gateway Interface) and PERL (Practical Extraction and Report Language) |
| Microsoft Internet Explorer | Give Windows 3.11, Windows for Workgroups, Windows NT, Windows 95 and Macintosh easy access to the Web |
| Scalability | Enable Internet access to multiple platforms running on standard hardware packages, including single and multiprocessor servers |
| Support for Microsoft BackOffice applications | Provide businesses with the ability to deliver commercial solutions on the Web (SQL Server and SNA Server) |
IIS Installation Requirements:
- Windows NT Server computer with TCP/IP
- CD-ROM drive or LAN connection to server sharing
installation files
- Adequate disk space for published information
content. Using NTFS file and directory permissions to secure all of the disks used with
IIS is recommended.
- Previous versions of FTP, Gopher or other Web
services should be disabled.
Changes can be made to a current installation of
IIS through the Internet Information Server Setup icon located in the Microsoft Internet
Server (Common) folder.
IIS can be installed when Windows NT Server is
installed, or later using the Network program or the Install Internet Information Server icon
located on the desktop.
PWS Installation Requirements:
- Windows NT Workstation 4.0 and TCP/IP
- The rest of the requirements are the same as for IIS.
Install PWS through the Network applet in Control Panel.
Changes can be made to a current installation
of PWS through the Peer Web Services Setup icon located in the Microsoft Peer Web Services
Internet Server (Common) folder.
Use Microsoft Internet Service Manager (ISM) to:
- Enhance configuration and performance for both IIS and PWS; ISM is
located in both Common folders.
- Configure and monitor the
Internet services running on any computer running Windows NT in the network.
- Internet Service Manager List Box
Properties
- User connections and user logon and
authentication requirements
- The home directory for each service
- Server activity tracking through the Logging
tab
- Secured access by IP address and bandwidth for
each service
Configuring Services
ISM can be used to configure the following services:
- WWW services; set and show a default
document when users don't specify a particular file.
- Gopher service
- FTP service
- to add an annotation file to each directory to
help describe the files in that directory.
- to enable FTP clients to be used to view files on
Windows NT NTFS partitions in same format as a traditional UNIX FTP server, select UNIX on
the Directory Listing Style tab. (check this out)
Allow Anonymous Access with the Internet
Guest Account.
- On many Internet servers, access is anonymous;
a user name and password are not required.
Note: The Internet
Guest account is added to the Guest group. Changes to the Guest group user rights and
resource permissions also apply to the Internet Guest account.
Require a User Name and Password on
WWW and FTP resources
There
are two types of authentication available when requiring a user name and password:
- Basic Authentication does not encrypt
transmissions between client and server. Intruders could discover valid user names and
passwords.
- Windows NT Challenge/Response
authentication, supported by Microsoft Internet Explorer version 2.0 or later,
protects the password, thereby providing for secure logon over the network. The user account
obtained from the client is the one with which the user logged on at the client.
Note: The FTP
server supports only basic authentication, so an FTP site is more secure if only anonymous
connections are allowed.
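An added example (not part of the original notes) of why Basic authentication exposes credentials: the header is only base64-encoded, so a site audit can flag every Basic request that travels over an unencrypted channel. The sample requests, the account name and the function name are constructed for illustration.

```python
import base64

# Constructed requests, as anything on the network path would see them.
BASIC_REQUEST = (
    "GET /reports/ HTTP/1.0\r\n"
    "Authorization: Basic " + base64.b64encode(b"jsmith:Winter97").decode() + "\r\n"
    "\r\n"
)
# Constructed stub of a challenge/response header: it carries protocol
# messages, not the password itself.
NTLM_REQUEST = (
    "GET /reports/ HTTP/1.0\r\n"
    "Authorization: NTLM " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode() + "\r\n"
    "\r\n"
)


def audit_authorization(raw_request, encrypted_channel=False):
    """Return (scheme, exposed) for one HTTP request.

    exposed is (user, password) when a Basic header is sent over an
    unencrypted channel, otherwise None.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() == "basic" and not encrypted_channel:
            try:
                decoded = base64.b64decode(token.strip(), validate=True).decode("latin-1")
            except ValueError:                   # malformed token, nothing to recover
                return ("Basic", None)
            user, sep, password = decoded.partition(":")
            return ("Basic", (user, password) if sep else None)
        return (scheme, None)
    return (None, None)
```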
Guidelines for Securing an Internet or
Intranet Site:
- Don't allow blank passwords.
- Require minimum password length.
- Require frequent password change.
- Use different passwords each time they must
change.
- Lock out accounts after failed logon attempts.
- Require administrator to unlock locked accounts.
- Require users with restricted hours to be
automatically disconnected.
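The guidelines above expressed as an audit over an account-policy summary, as an added example that is not part of the original notes. The sample is constructed and laid out like the output of `net accounts`; the 8-character minimum and the reading of a numeric lockout duration as automatic unlock are assumptions.

```python
# Constructed sample, laid out like the policy summary printed by `net accounts`.
WEAK_POLICY = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
"""


def parse_policy(text):
    """Turn 'label: value' lines into a dict keyed by label."""
    policy = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        if sep:
            policy[label.strip().rstrip("?")] = value.strip()
    return policy


def audit_policy(text, min_length=8):
    """Return the guidelines the policy fails. min_length is an assumed value."""
    p = parse_policy(text)

    def num(key):  # numeric setting, or None when absent or disabled ("Never", "None", ...)
        return int(p[key]) if p.get(key, "").isdigit() else None

    findings = []
    length = num("Minimum password length") or 0
    if length == 0:
        findings.append("blank passwords allowed")
    elif length < min_length:
        findings.append("minimum password length below %d" % min_length)
    if num("Maximum password age (days)") is None:
        findings.append("passwords never expire")
    if num("Length of password history maintained") is None:
        findings.append("old passwords can be reused")
    if num("Lockout threshold") is None:
        findings.append("no lockout after failed logons")
    elif num("Lockout duration (minutes)") is not None:
        # Assumption: a numeric duration means the account unlocks by itself.
        findings.append("locked accounts unlock without an administrator")
    if num("Force user logoff how long after time expires") is None:
        findings.append("users are not disconnected when logon hours end")
    return findings
```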