Intranets

Introduction
A Global View of an Intranet
Firewalls
How Firewalls Work
Intranets
Introduction
What exactly is an intranet? It's one of those terms that are more thrown around than
understood, and has become more of a buzzword than a commonly understood idea. Simply
put, an intranet is a private network with Internet technology used as the underlying architecture.
An intranet is built using the Internet's TCP/IP protocols for communications. TCP/IP protocols
can be run on many hardware platforms and cabling schemes. The underlying hardware is not
what makes an intranet –it’s the software protocols that matter.

Intranets can co-exist with other local area networking technology. In many companies, existing
"legacy systems" including mainframes, Novell networks, minicomputers, and various
databases, are being integrated into an intranet. A wide variety of tools allow this to happen.
Common Gateway Interface (CGI) scripting is often used to access legacy databases from an
intranet. The Java programming language can be used to access legacy databases as well.
With the enormous growth of the Internet, an increasing number of people in corporations use
the Internet for communicating with the outside world, for gathering information, and for doing
business. It didn't take long for people to recognize that the components that worked so well on
the Internet could be equally valuable internally and that is why intranets are becoming so
popular. Some corporations do not have TCP/IP networks, the protocol required to access the
resources of the Internet. Creating an intranet in which all the information and resources can be
used seamlessly has many benefits. TCP/IP-based networks make it easy for people to access
the network remotely, such as from home or white traveling. Dialing into an intranet in this way
is much like connecting to the Internet, except that you're connecting to a private network
instead of to a public Internet provider. Interoperability between networks is another substantial
bonus.

Security systems separate an intranet from the Internet. A company's intranet is protected by
firewalls-hardware and software combinations that allow only certain people to access the
intranet for specific purposes.

Intranets can be used for anything that existing networks are used for – and more. The ease of
publishing information on the World Wide Web has made them popular places for posting
corporate information such as company news or company procedures. Corporate databases
with easy-to-build front-ends use the Web and programming languages such as Java.

Intranets allow people to work together more easily and more effectively. Software known as
groupware is another important part of intranets. It allows people to collaborate on projects; to
share information: to do videoconferencing; and to establish secure procedures for production
work. Free server and client software and the multitude of services, like newsgroups, stimulated
the Internet's growth. The consequence of that growth stimulated and fueled the growth of
intranets. The ease with which information can be shared, and with which people can
communicate with one another will continue to drive the building of intranets.

A Global View of an Intranet

An intranet is a private corporate or educational network that uses the Internet's TCP/IP
protocols for its underlying transport. The protocols can run on a variety of network hardware,
and can also co-exist with other network protocols, such as IPX. People from inside an intranet
can get at the larger Internet resources, but those on the Internet cannot get into the intranet,
which allows only restricted access from the Internet.

• Videoconferencing is an important application that requires sending massive quantities of

data. Intranets can be built using components that allow the extremely high bandwidths
required for transferring such information.

• Often an intranet is composed of a number of different networks inside a corporation that all
communicate with one another via TCP/IP. These separate networks are often referred to
as subnets.
• Software that allows people to communicate with each other via e-mail and public message
boards and to collaborate on work using workgroup software Js among the most powerful
intranet programs. Applications that allow different corporate departments to post
information, and for people to fill out corporate forms, such as time sheets, and for tapping
into corporate financial information are very popular.

• Much of the software used on intranets is standard, off-the-shelf Internet software such as
the Netscape Navigator and the Microsoft Explorer Web browsers. And customized
programs are often built, using the Java programming language and CGI scripting.

• Intranets can also be used to allow companies to do business-to-business transactions,

such as ordering parts, sending invoices, and making payments. For extra security, these
intranet-to-intranet transactions need never go out over the public Internet, but can travel
over private leased lines instead.

• Intranets are a powerful system for allowing a company to do business online, for example,
to allow anyone on the Internet to order products. When someone orders a product on the
Internet, information is sent in a secure manner from the public Internet to the company's
intranet, where the order is processed and completed.

• In order to protect sensitive corporate information, and to ensure that hackers don't damage
computer systems and data, security barriers called firewalls protect an intranet from the
Internet. Firewall technology uses a combination of routers, servers and other hardware and
software to allow people on an intranet to use Internet resources, but blocks outsiders from
getting into the intranet.

• Many intranets have to connect to "legacy systems” – hardware and databases that were
built before an intranet was constructed. Legacy systems often use older technology not
based on the intranet’s TCP/IP protocols. There are a variety of ways in which intranets can
tie to legacy systems. A common way is to use CGI scripts to access the database
information and pour that data into HTML formatted text, making it available to a Web
browser.

• Information sent across an intranet is sent to the proper destination by routers, which
examine each TCP/IP packet for the IP address and determine the packet’s destination. It
then sends the packet to the next router closest to the destination. If the packet is to be
delivered to an address on the same subnetwork of the intranet it was sent from, the packet
may be able to be delivered directly without having to go through any other routers. If it is to
be sent to another subnetwork on the intranet, it will be sent to another internal router
 address. If the packet is to be sent to a destination outside the intranet – in other words, to
an Intranet destination – the packet is sent to a router that connects to the Internet.

Firewalls
All intranets are vulnerable to attack. Their underlying TCP/IP architecture is identical to that of
the Internet. Since the Internet was built for maximum openness and communication, there are
countless techniques that can be used to attack intranets. Attacks can involve the theft of vital
company information and even cash. Attacks can destroy or deny a company's computing
resources and services. Attackers can break in or pose as a company employee to use the
company's intranet resources.

Firewalls are hardware and software combinations that block intruders from access to an
intranet while still allowing people on the intranet to access the resources of the Internet.
Depending on how secure a site needs to be, and on how much time, money, and resources
can be spent on a firewall, there are many kinds that can be built. Most of them, though, are
built using only a few elements. Servers and routers are the primary components of firewalls.

Most firewalls use some kind of packet filtering. In packet filtering, a screening router or filtering
router looks at every packet of data traveling between an intranet and the Internet.

Proxy servers on an intranet are used when someone from the intranet wants to access a
server on the Internet. A request from the user's computer is sent to the proxy server instead of
directly to the Internet. The proxy server contacts the server on the Internet, receives the
information from the Internet, and then sends the information to the requester on the intranet.
By acting as a go-between like this, proxy servers can filter traffic and maintain security as well
as log all traffic between the Internet and the network.

Bastion hosts are heavily fortified servers that handle all incoming requests from the Internet,
such as FTP requests. A single bastion host handling incoming requests makes it easier to
maintain security and track attacks. In the event of a break in, only that single host has been
compromised, instead of the entire network. In some firewalls, multiple bastion hosts can be
used, one for each different kind of intranet service request.

How Firewalls Work

Firewalls protect intranets from any attacks launched against them from the Internet. They are
designed to protect an intranet from unauthorized access to corporate information, and
damaging or denying computer resources and services. They are also designed to stop people
on the intranet from accessing Internet services that can be dangerous, such as FTP.

1. Intranet computers are allowed access to the Internet only after passing through a
firewall. Requests have to pass through an internal screening router, also called an
internal filtering router or choke router. This router prevents packet traffic from being
sniffed remotely. A choke router examines all packets for information such as the source
and destination of the packet.

2. The router compares the information it finds to rules in a filtering table, and passes or
drops the packets based on those rules. For example, some services, such as rlogin,
may not be allowed to run. The router also might not allow any packets to be sent to
 specific suspicious Internet locations. A router can also block every packet traveling
between the Internet and the internal network, except for e-mail. System administrators
set the rules for determining which packets to allow in and which to block.

3. When an intranet is protected by a firewall, the usual internal intranet services are
available-such as e-mail, access to corporate databases and Web services, and the use
of groupware.

4. Screened subnet firewalls have one more way to protect the intranet – an exterior
screening router, also called an exterior filtering router or an access router. This router
screens packets between the Internet and the perimeter network using the same kind of
technology that the interior screening router uses. It can screen packets based on the
same rules that apply to the internal screening router and can protect the network even if
the internal router fails. It also, however, may have additional rules for screening packets
specifically designed to protect the bastion host.

5. As a way to further protect an intranet from attack, the bastion host is placed in a
perimeter network-a subnet-inside the firewall. If the bastion host was on the intranet
instead of a perimeter network and was broken into, the intruder could gain access to
the intranet.

6. A bastion host is the main point of contact for connections coming in from the Internet for
all services such as e-mail, FTP access, and any other data and requests. The bastion
host services all those requests – people on the intranet contact only this one server,
and they don't directly contact any other intranet servers. In this way, intranet servers are
protected from attack. Bastion hosts can also be set up as proxy servers.