Risks associated with using the internet as part of a private business solution
An extranet is a private network that connects to the internet. It allows access to the private network’s information by authorized people. For a company to implement an extranet, an organization’s intranet is connected to the web. The server that stores web pages lodges behind a firewall that controls entree to the intranet from the internet. The firewall permits access to information by users depending on their clearance levels which are determined by varying authentication parameters. ING insurance company implemented an extranet from the year 1997 to facilitate communication between its regional offices and the over two thousand brokers dealing in their products. Though fast and somewhat secure, using the Internet to allow access to sensitive company data, for instance, client records can bear catastrophic results in the case of a security breach (Newman, 2010).
Extranets are vulnerable to attacks and risks of being compromised just like any other computer system. Hackers can dig through an extranet looking for vulnerabilities to exploit and interfere with its integrity, rendering it useless or even unavailable to its users. For instance, a hacker can infiltrate the system and pose as the receiving party on one end of an online information exchange platform. This phenomenon is known as Man in the Middle (MITM). The cyberpunk can then use the information they acquire to commit identity theft. Corporations can attack their competitors’ systems in a deliberate attempt to slow down or halt their service delivery capabilities. Business organizations are known to infect rival computer networks with malware to steal vital company information; a crime commonly referred to as corporate espionage (Newman, 2010).
Delegate your assignment to our experts and they will do the rest.
Apart from deliberate actions to compromise computer systems, there are other several ways through which they become slow or totally non-functional. If an extranet has a small and uncontrolled bandwidth link, connection continually fails. As a result, communication between say ING’s headquarters and a broker seeking some information is cut off or delayed, which can cause losses due to the inconvenience. Factors beyond anyone’s control can interfere with an extranet. For instance, a storm can destroy an Internet Service Provider’s (ISP) infrastructure immediately causing the link to provider failure. Power surges destroy servers, routers, switches and other extranet equipment leading to the destruction of critical company information. Extranets are expensive to set up, and they abbreviate contact between businesses and their customers. This minified reach drives a feeling of alienation and reduces customer and client loyalty, which dangerous for any company.
ING’s extranet security measures and their adequateness
The core security feature in ING’s Life’s extranet was the Cisco PIX (Private Internet eXchange) firewall. The firewall enforced a security policy using a proprietary embedded system which increased its protection capabilities, enhanced scalability and lessens complexity. It had several features that allowed it to serve its purpose. The access lists feature set up access lists if the security policy restricted outgoing connections. The Adaptive Security Algorithm lineament monitored return packets to ascertain their validity. It also created stochastic TCP sequence numbers to minimize exposure to TCP sequence number attacks. The firewall blocked Active X technologies that are notorious for causing computer network failures. Using the Flood Defender, PIX protected internal systems from SYN floods. The Graphical User Interface with a firewall manager enforced password protection and confines access to the HTML interface to defined client systems within the internal network (Riley, 2005).
Cut through proxies in the Cisco Pix firewall controlled administrative connections and provided inward certification. The Identity feature allowed the outside interface to view internal network addresses. Mail Guard imposed Simple Mail Transfer Protocol (SMTP) commands to defend the SMTP server from crashing and also logged every SMTP connection. The Network Translation (NAT) and Port Address Translation (PAT) features concealed the actual network identity of internal systems from the external network. The modified installation setup wizard eradicated most configuration troubles (Riley, 2005).
From all these sophisticated security and protection features, one would easily assume that the PIX platform was 100 percent foolproof. However, just like any other system, this too was vulnerable to attacks. A National Security Agency (NSA) related outfit, the Equation group hacked into the Cisco PIX Virtual Private Network (VPN) using a password revealing tool they developed. The public that the NSA exploited this exposure to bug virtual private networks for many years raise such questions as how safe are extranets? And how active firewalls are?
Some firewalls have overly strict restriction policies. These rules sometimes inhibit legitimate staff members from executing their duties properly. This entrammels productiveness and performance and can even actuate workers to come up with ways of going around the firewall to do their jobs. When employees use backdoors around the firewalls and into the system, it exposes the entire system to external attacks. Software based firewalls occupy vast memory space and use up a lot of processor power when running, slowing down the computer system’s functioning. Firewalls only inhibit uncertified transmission of information; they do not protect a system against malware, viruses, and spyware. Firewalls are designed to defend a computer network against external threats; they are nakedly exposed to assaults from the inside. This is to say that a disgruntled staff member with ulterior motives can easily compromise and destroy the whole system. Firewalls are expensive to install and maintain. Software firewalls call for a considerable investment in terminals while hardware firewalls need to be mounted on every network node. Maintenance of the firewall is also a costly venture (Newman, 2010).
Alternatives to the extranet model of communication
Having exhausted analysis of the extranet model, its features and its ups and downs, we should explore other technologies in place to facilitate communication and interaction within and between companies. The list of alternatives to the extranet is long, but the Remote Desktop and cloud computing are two of the most viable options for companies looking to automate operations and communications in a convenient and secure manner. Remote desktop technology allows an operating system and application software to reside on a central server but runs simultaneously on several local hosts. The fact that all files and applications are stored in a secure server ensures their safety even when local nodes are threatened or compromised.
Cloud computing smoothens an organization’s operations in ways that were previously deemed impossible. The cloud provides everything a company needs including remote monitoring, desktop, and workstation supervision instruments, removed data backup tools, e-mail archiving technology and antiviruses. Private cloud services ensure top notch security and super-fast access speeds when portioning out the internet with other users on a populace connection. Most cloud-based applications are compatible with modern technological gadgets including smart televisions and phones, tablets, personal computers, and workstations (Halpert, 2011).
For an organization to succeed in today’s competitive and staggeringly dynamic business environment, it must communicate and engage clients in real-time. Long Term Evolution (LTE) networks, which are supported by the cloud, have made this possible. Cloud helped secure video conferencing tools allow employees based away from a company’s headquarters to operate and interact smoothly with others in all the branches. Cloud computing has facilitated the globalization of many startups and small businesses. By exploiting cloud computing services and facilities, small and medium enterprises have metamorphosed into full-blown multinationals. Technology has driven innovation, development, and expansions in all sectors of life. It has also driven cybercrime. It is, therefore, important to always have modern network security apparatus, which should be regularly updated and improved (Halpert, 2011).
References
Halpert, B. (2011). Auditing cloud computing: a security and privacy guide. Hoboken, NJ: John Wiley & Sons.
Newman, R. C. (2010). Computer security: protecting digital resources . Sudbury, MA: Jones and Bartlett.
Riley, C. (2005). Cisco Pix firewalls configure, manage, & troubleshoot . Rockland, MA: Syngress.
