Extranets Help
Welcome to Extranet Help - the purpose of this mini-site is to help you understand what an extranet is compared to the internet and intranet, respectively.
The Basics:
If you have any questions, please feel free to contact us from the link above.
Key Concepts in Extranet Security
The goal of an extranet is to provide the outside world access to an organization’s internal infrastructure. When there is any outside force granted access to an organization, security concerns arise as a result. But how do you secure against the outside world without defeating the entire purpose of an extranet?
Isolation of Extranet Resources
The idea behind isolation is simple: if an unauthorized user has no way of accessing a protected network, then security concerns aren’t a problem. The trick is to divide a network into separate sub-networks, so we can route these unauthorized users to the appropriate destination.
Isolation can be achieved via subnetting a network - which will divide the networks into sub-networks. These separate networks can then have specific security rules applied to them via a firewall or via router configuration. Many routers have support for what is called access lists- which are designed specifically to deny and permit all kinds of different traffic to and from specific locations.
The subnet approach requires that careful pre-design plans take place before the construction of the extranet. An organization’s confidential resources may be placed on one subnet, while the public-access resources can be put on a less secured subnet. This often requires the need of outsourced labor, if an organization doesn’t already have an employee adept in network design and router configuration.
Virtual Private Networks and Encryption
Virtual private networks, or VPNs, are used for employees who prefer to work at home or while travelling. Secure access is given through tunneling protocols, as long as the right credentials are given. But what isn’t always secure is the information that is being transferred between the organization and employee- and thus, we need encryption.
Many public networks are unsecure- and therefore, certain tools can pick up packets of information on a network with relative ease. Other insecurities, such as the man in the middle attack, can even have a malicious user act as your own computer- and send the organization seemingly real data from what seems to be your computer!
To get around these insecurities, a set of protocols known as IPSec (short for IP Security) should be used. These protocols will be able to authenticate or encrypt each packet of information as it is sent or received- eliminated the possibility for a malicious user to intercept the packets.
Employee Education on Extranet Security
The easiest way for a hacker to take advantage of a network is through social engineering. Social engineering is the art of deceiving an organization’s employee to get confidential information about the network. Social engineering has also been known to include digging through trash cans for passwords or other information. Some of the more innovative social engineering attempts even include actors dressing up as janitors, and snooping around under disguise.
Other employees may be careless with login credentials. If an employee leaves a computer for more than a few minutes, the user should sign-out of the company’s network. It is all too easy for someone to simply hijack a session, simply because the employee is out for a few minutes. Certain tools only require mere seconds before most system passwords can be revealed.
These two examples of poor employee training prove that a little security education can go a long way. It’s better to take a few minutes during training than to have a headache when a security breach is experienced as a result of poor security practice.