Auerbach Publications © 2001 CRC Press LLC 08/01

openly between systems, applications, and users; a VPN simply augments the process and protects it during transmission over the Internet. The process is seamless and transparent, and it accommodates the traffic and application needs. The result is that data is being shared and utilized by shadowy internal representations of the remote systems.

ACCESS POINTS

Having internal services wholly available to systems residing on internal networks is expected. The internal network is typically a controlled, protected, and monitored environment with security policies and procedures in place. As services and data are accessed internally, the exposure, or threat to that communication, is somewhat known and accepted at some level. Most organizations are aware of security threats on internal networks, but have assumed a level of risk directly proportionate to the value or impact of loss if they were to be attacked. Much of this is attributed to simple population control; they assume greater risk to internal resources because there are fewer people internally than on the Internet, interaction is usually required (hence a network), and each system can be monitored if desired. Basically, while some statistics tell us that internal networks are a growing source of attacks to corporate data, organizations feel confident that they can control what lies within their walls. Even organizations that do not have security policies and may consider themselves vulnerable will always assume that there is room to grow and implement security measures as they see fit. Nevertheless, the Internet represents a much greater threat in the eyes of many organizations, and this may be a reality for some organizations; each is different. The fundamental point is that the Internet is an unknown and will always be a threat, whereas certain measures can be taken — or the risk can be accepted — more readily on an internal network.
In any case, internal networks are used to share information and collaborate to support or grow a business, and it is that open interaction people want from home over the Internet.

VPN technology is a total contradiction of the assumed posture and reach of control. The internal network, where applications, services, and data reside, is considered safe by virtue of firewalls, procedures, and processes overseen by administrators focused on maintaining security in some form or another. However, the nature of VPN negates the basic postulation of corporate security and the understood security attitude. Attackers that may have been thwarted by hardened corporate firewalls may find remote VPN clients much easier targets that may provide the same results. On the whole, administrators are constantly applying security patches, updating processes, and performing general security maintenance on critical systems to protect them from vulnerabilities. Meanwhile, these vul-