
Get sensible about securing your intranet

By Mark Gibbs
Network World, 7/27/98

Having just finished a review of disk, folder, file and e-mail encryption products, I've been wondering who uses this type of software in the corporate world. So I posed that question to Intranet's e-mail list, the Intranet Business Group (IBG). (You can join the IBG by going to www.gibbs.com/ibg-list.htm.)

My guess was that few IBG subscribers used encryption routinely, as I never noticed anyone sending a posting that included, for example, a Pretty Good Privacy (PGP) key in the signature.

The replies to my message were revealing. People said encryption products are complex to manage and unnecessary because they don't present any great threats to their privacy. Several subscribers also pointed out that the cost of encryption is hard to defend because there is no quantifiable return on investment.

At the heart of the problem is the fact that computer security is nowhere near as highly valued an attribute of computer systems as processing speed or storage capacity. I've talked to thousands of network managers over the past few years, and generally the only organizations that have rigorous computer security policies are government agencies and their private-sector partners.

It often seems network managers view security as something that comes from outside the organization by being embedded in applications and services. For example, 75% of network managers at Fortune 1,000 companies responding to a Forrester Research, Inc. survey last year said they wanted the Internet to have better security before they would consider using it as a corporate WAN.

See what I mean? That response strongly implies that the respondents don't understand they can add security now, by and for themselves. They could use virtual private networks (VPN), encryption, authentication and a whole stack of other technologies. These people see security as someone else's domain that they can just buy into if they want.

Let me suggest an alternative: Think about security as a quality control issue.

Computer systems must be robust - that is, well-built - to have intrinsic value. And to be well-built, computers must be strategically designed. If you use security as a design principle, you'll be demanding verifiable operation and implicit control over access and data. These are fundamental issues in ensuring robust operation - the security viewpoint focuses on how the system is used and not just how it functions. I say the need for security - and robustness - is greater than ever. Lax security is a much greater risk with intranets than general LANs.

Consider your own intranet. If it's been around for any length of time and employees use it seriously, chances are it houses a lot of sensitive data. What happens if someone who doesn't have the company's best interests at heart could explore that informational jungle without you knowing?

That person could extract information - not just data - about how the company operates and its customers in potentially incredible detail. And he could research your staff (intranets are gold mines for headhunters).

Building intranet security requires three steps:

  • First, control user access. You must define user access at the server end of the connection and, ideally, you need more than just a name and password at the client. You should be considering biometric or token-based authentication. For the former, check out American Biometric's BioMouse, a really neat fingerprint scanner for $299. For the latter, try Security Dynamics' SecurID card.

  • Second, control network access. This requires firewalls and VPNs to define and constrain which users use which protocol and get access to which services. Should Fred in engineering be able to access the mail server in accounting, for example?

    Optionally, you should consider using encryption and authentication so only authorized users get access to sensitive data. I say optionally because much depends on the nature of your users and the data with which they work.

  • Third, you've got to create an intranet instrumentation system so you can measure, monitor and report server status (see Intranet, September 1997, page 27). Then you need to audit the intranet servers regularly to check the accuracy of your assumptions about how the network and intranet are being used.

Security should be central to your intranet thinking. Get it in place now. When your intranet dominates your IT world, it will be too late to incorporate it. And without built-in security, your intranet will be a liability rather than the most effective information publishing system ever.

Gibbs can be reached at imcolumn@gibbs.com, but don't expect a PGP signature.

