Internet Security Services

Since businesses have realized the potential of the Internet, email and the WWW, many more want to take advantage of this technology. Some do not know what it can do for them, how to use it to their advantage, what the potential risks are, or what to do to make it all happen.

If your business is considering establishing a presence on the Internet, and you do not have the in-house expertise to examine the issues and provide the solutions, then you need our help!

Pulsar Systems can address all of the following items typically required to deliver an Internet-based solution.


The Internet, Access, Security and Firewalls

by: Carl M. Dula, President
Pulsar Systems, Inc.

What is security and how do you achieve it with your computer? The tightest security is achieved when your computer is turned off. Unfortunately, most of us do not find this an acceptable way to do business. Therefore, we think of security as the ability of our computer to withstand attacks from unauthorized individuals attempting to do something we don't want them to do. An attack can be either passive or active. A passive attack is one where some type of line tapping takes place, and someone typically "steals" logins and passwords, or the data going by, to use against you later. An active attack is one in which a hacker tries to take over some activity or process performed on or by your system. In the case of the Internet, the problem is even more profound, since we have absolutely no control over who may attempt to access our site, or over where and how data travels to and from our system. To reduce our exposure to these risks we must take whatever steps are possible at the only point we can: the point of entry to our system.

Before addressing security, you first need to obtain a presence on the Internet. The following describes the steps necessary to establish this presence and permit you to serve web pages. You will require a host system (typically UNIX based for our purposes, but it could also be a PC with Windows or NT) with Internet server software. Internet server software is the software which permits your host to "talk" to the Internet, send and receive mail, display your home page on the Web, and more. Major hardware manufacturers typically offer their own version of this (e.g. IBM Internet Connection), or you can use a generic product such as Netscape. Please note that this server software is not the same as a browser, which is what you use on a PC to access the Internet.

Internet server software is available with different features to address specific needs. The two major categories are the communications server and the secure server. The communications server is just that: software that will serve pages in the open. This is suitable if you do not care who (a hacker, for instance) can see what is passed to and from your website. For example, if you are displaying catalogue pages of products you sell, they can be sent in the open.

The secure server has the ability to transmit and receive information in an encrypted format. Each site uses a special encryption key registered to it alone. When your site initiates a dialogue that is considered secure, it places the corresponding browser in secure mode, and the transmissions take place encrypted. Anyone snooping on the connection would only see encrypted data, which would appear as junk. A secure server might be used in the case where you are displaying customer data to your outside sales staff or remote office.

To establish your site you will require a leased line connection to an Internet provider. A provider is the company that your line will connect to, who will provide Internet access to your site, and to whom you will pay monthly access charges. You must have a leased telephone line connection, as opposed to a dial connection, since your site is to be available at all times. There are many types, speeds, pieces of telecommunications equipment and options for this connection. Low volume sites will typically have a 56K line, while major sites will use a T1. Your host will require TCP/IP hardware and software to be installed and configured for connection to the provider's leased line. With all of the above in place, properly set up and configured, you will have a presence on the Internet.

From a security standpoint, keep in mind that the computer you run the web server on is going to be connected to the Internet, a public network. This is the equivalent of leaving your front door open each day when you go to work, and hoping no one will come and take anything. Unless you have a totally separate web server system, with nothing on it you cannot afford to lose, everything "read only", and everything easily recreated, you have a security problem.

Most of us have been through the situation where our corporate database system has gone down for one reason or another. We know how anxious everyone gets until it is back up and proven to be working properly. This problem occurs once in a while, typically due to a hardware problem. Now consider the wily hacker visiting your site via the Internet. If you have no security (your web server is running on your database system), the knowledgeable hacker can get to your root directory and perhaps run "rm *". You say "no way", they won't get the password! Well, they don't need it! The fact that you are running networking software on your host opens many holes in security. There are also many holes in UNIX that most sites do not close, which are also exploited by the hacker. If your site is targeted, the hacker will most likely have automated tools to try every possible way in. If you are unprotected, it won't take long to find a way into your system to do whatever they please.

Many sites will consider the router supplied by the Internet provider as their security screen. A router only serves to keep the honest that way, and is the equivalent of putting a $5 lock on your front door. Router screening/filtering is better than nothing, but not by much. It won't stop IP spoofing or many of the other techniques used to gain access. At the very least the web server should be on a separate computer from your database server, or a firewall used. If you are very security conscious, then a third separate system should also be used. This configuration provides database, web, and firewall systems. The typical configuration for most business accounts will be to use a separate firewall system and put the web server on your database system. In this manner you have at least isolated the internal network from the outside world.
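The three-system configuration described above (firewall, web server, database), modelled as a first-match packet policy with a default deny and a source-address check keyed on the arrival interface. This is an added example, not part of the original article; the interface names, addresses, database port and rule set are assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumed topology (not from the article): a firewall with three interfaces.
# Addresses are constructed sample values from documentation/private ranges.
NETS = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),    # web server segment
    "inside": ipaddress.ip_network("10.0.0.0/24"),  # database / internal LAN
}
WEB = ipaddress.ip_address("192.0.2.10")
DB = ipaddress.ip_address("10.0.0.5")
DB_PORT = 5432  # assumed database listener port

class Packet(NamedTuple):
    in_if: str   # interface the packet arrived on: outside, dmz or inside
    src: str
    dst: str
    dport: int

# (arrival interface, destination host or None for any, port, action)
# First match wins; anything not listed falls through to the default deny.
RULES = [
    ("outside", WEB, 80, "allow"),    # public pages served in the open
    ("outside", WEB, 443, "allow"),   # encrypted sessions to the secure server
    ("dmz", DB, DB_PORT, "allow"),    # web server may reach the database only
    ("inside", None, 80, "allow"),    # internal users browsing out
]

def spoofed(pkt):
    """True if the source address does not belong on the arrival interface."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.in_if == "outside":
        # A packet from outside must not claim a protected-network source.
        return any(src in net for net in NETS.values())
    return src not in NETS[pkt.in_if]

def decide(pkt):
    """Return the firewall's verdict for one packet."""
    if spoofed(pkt):
        return "deny (spoofed source)"
    dst = ipaddress.ip_address(pkt.dst)
    for in_if, host, port, action in RULES:
        if pkt.in_if == in_if and pkt.dport == port and host in (None, dst):
            return action
    return "deny (default)"
```

With this policy an outside visitor can reach only the web server, and the database is reachable only from the web server segment on its one listener port.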

The selection of the firewall hardware and software can be a complicated process. The hardware must be adequately configured so as not to become a bottleneck, since all traffic (http, mail, ftp, telnet, etc.) will pass through it. It will also require a CD-ROM and/or a tape drive, and adequate disk space to maintain and review logs. You must also have a way to back it up, either via a network or tape. Full-featured firewall software usually costs about $10,000 on a UNIX based system. You can find less expensive products for PCs, but they typically do not have the features of an NCSA-certified product. Since you are already spending a significant amount of money to protect your site, would it make sense to skimp on the software that will do the job? Once purchased, configuration of the firewall software can be a significant effort. Depending upon your knowledge of TCP/IP, networks, etc., and the complexity of your requirements, you may want to obtain assistance with this part of the job. Once installed, testing is another issue. Again, it is no small task to verify that your firewall is properly installed and configured, and does everything you want it to.

Now that you have the connection, you must design and create your home page for the web, plus everything else a visitor will see, and all the things that go with this. You can have art, pictures, movies, drawings, or just about anything you can think of. Depending upon the complexity, you might do this yourself, or in conjunction with a graphic arts firm. Your need for an artist will be determined by how sophisticated you wish to get. Once your site is up and running you will have to provide regular administration for it. This includes housekeeping, creating new display items, monitoring usage and more.