Auerbach Publications © 2001 CRC Press LLC 08/01

nerabilities remain on end-user systems, whose users are much less likely to maintain their system with the same integrity. In the event that an advanced user were to introduce a comprehensive protection plan, many remote systems do not run enterprise-class operating systems and are inherently insecure. Microsoft's Windows 95 and 98 platforms are currently installed on the majority of personal or end-user class systems and are well known for limited security capabilities and limited overall robustness. Therefore, fundamental flaws weaken any applied security in the system.

The collision of the attributes that contribute to a common VPN implementation results in the cancellation of applied security infrastructure at the corporate site. Nearly every aspect of Internet-facing protection is invalidated the minute a user connects to corporate with a VPN. A single point of protection applies only if the protected network does not interact with the volatile environment being evaded.

ENVELOPE OF SECURITY

To fully grasp this immense exposure, envision a corporate network segmented from the Internet by an arsenal of firewalls and intrusion detection systems, and suppose even that armed guards protect the building housing a private community of systems. Assume that the data on the network is shared and accessed in the open while on the internal network. Each system participating is protected and controlled equally by the establishment.

Now, take one of the systems to an uncontrolled remote location and build a point-to-point connection with modems. The remote computer is still isolated and not connected to any untrusted systems other than the phone system. The communication itself is relatively anonymous and its interception would be complicated, if discovered. However, as we see in VPNs, encryption can be applied to the protocol over the phone system for added protection.

Next, take the same system at the remote location and connect it to the Internet and establish a VPN to the corporate network. Now the system is exposed to influences well beyond the control realized when the computer was at the corporate office; still, the same access is being permitted.

In the foregoing three examples, degradation in security occurs as the computer is removed from a controlled environment to a remote location and dial-up access is provided. The risks range from the system being stolen to the remote chance of the transmission being captured while communicating over the telephone network, but the overall security of the system and the information remains relatively protected. However, when the remote computer is placed on the Internet, the exposure to threats and the risk of operation is increased exponentially.

In the beginning of the example, the systems reside in an envelope of protection, isolated from unauthorized influences by layers of protec-