INTRANET SECURITYDefinitionObjectivesArchitectureProtection from withinDomain ControllerWeb ServerFile ServerMail ServerData Base ServerMonitoring serverWorkstationsProtection against the outsideINTRANET SECURITYCatherine AlexisCMPT 585Computer and Data SecurityDr Stefan RobilaDefinition•Intranet is a private network inside a company or organization, that is not accessible to the public. •Companies use Intranets to manage projects, provide employee information, distribute and share data and information.Objectives•Protecting the Intranet from within the organization.•Protecting the Intranet from the outside world (Internet).ArchitectureProtection from within•Physical security–Secure room–No unauthorized accessDomain Controller•Concept –MS, Linux•Grants access to resources•Protected by–Domain Security Policy( Administrator only)–All Devices (USB, Parallel port) DisabledWeb Server•Holds the organizations web site•Protected by–Protected by folder rights (Web master only)File Server•Work Related files are stored on this server•Access from outside is achieved through VPN (Virtual Private Network)•Three levels of protection–Personal access–Group access–Public accessMail Server•Holds users email in encrypted form•Users have access only to their folders•Protected by the mail filter in the DMZ–Filters Spam –Filters Viruses and worms–Prevents attempts to and from unwanted sitesData Base Server•Holds database software and Database files•Every database has several levels of security access. •Administrator access rights- Can install database software and maintain the database server.•Programmer access rights- Limited to their programming needs.•Data entry access rights- read and write access to the database tables.•User access rights- read only accessMonitoring server•Gives detailed report –User activity at the workstations–Administrative activity at the server–Does some intelligent updates• antivirus software and security patches on all the servers and workstations.Workstations•Secure Password•No Administrative privileges•Disable file and printer sharing. Instead connect to printer and file server•Disable unnecessary services.Protection against the outside•Firewall•DMZ (Demilitarized zone)•NAT Connection(Network Address