EDUCATIONAL INTRANETS: SECURITY THREATS AND MEASURES

By Galen Collins, Ph.D.

 

 

Introduction

 

Various entities at all levels are seeking the benefits of Internet technologies. The Internet, however, was not conceived as an educational or business tool. But organizations are using the infrastructure and standards of the Internet and the World Wide Web to build private networks or Intranets to make applications, such as distance learning and e-mail, and internal and external information easily accessible in a friendly format. Consequently, educational organizations are rapidly implementing Intranets with Internet connections. Bruce and Dempsey (1997) point out that this has greatly complicated network security.  They maintain that it is easy to lose track where the protection is required, what is needed, and how to go about implementing it

            While the benefits of an Intranet far out weigh the problems associated with it, proper precautions must be taken to reduce the risk of exposing network users to inappropriate material and potentially illegal or harmful situations. The integrity of the information system and the confidentiality of its contents must also be preserved.

This article discusses security threats and measures for protecting educational Intranets against intrusion. Security risks and types of security threats are examined. Firewalls, terminal-use controls, anti-spyware and anti-spam software, virus-protection strategies, biometrics, encryption, intrusion detection systems and security policies are explored.

 

Security Risks

            Educational Intranets are attractive targets for attacks and prohibited activities. They typically have high-speed connections, a large number of lightly monitored computers, and a lack of restrictive communication barriers. Intranet vulnerabilities include viruses, fraud, hacking, system failure, inadequate procedures and policies, unsolicited junk e-mail or spam, transmission or storage of illegal content, and sabotage. The risks and penalties of an unsecured Intranet have become increasingly severe. According to a 2003 Computer Security Institute (CSI) and Federal Bureau of Investigation (FBI) survey of 530 security practitioners in U.S. corporations, government agencies, financial institutions and universities, 78% of the survey respondents reported Internet attacks (http://www.gocsi.com). Such incidents can result in serious damages. The 251 organizations that were able to quantify their losses in 2003 reported a total of over $200 million.

            Although not yet common, universities have been sued when their computers have been involved in attacks on third parties. As a result, insurance companies are marketing to universities third-party liability coverage for security negligence.

      Internet access privileges are widely abused. Abuses include the downloading of pornography, the sharing of pirated software, music, and movie files, and the inappropriate use of e-mail systems. As a result, the danger of entanglement in civil and criminal liability suits is also on the rise. For example, the Recording Industry Association of America (RIAA) filed suits against more than 200 illegal file sharers in September 2003. The vast majority of these cases involve college and high students. Boston College and Michigan Technical University have decided to fight the RIAA. They maintain that students' rights are private and do not require the disclosure of their contact information. According to Clements (2003), universities are exposing themselves to criminal liability by not supplying this information.

      Schools and libraries have been sued for allowing users to view pornographic Web sites. “In August 2003, a suit was brought by 12 librarians against the Minneapolis Public Library over exposure to Internet pornography. By allowing patrons to surf online porn sites and print out Internet pornography, the library had created a hostile work environment. The library agreed to pay the librarians nearly $500,000 as a part of the settlement” (http://www.palisadesys.com).

      The reputation of an educational institution can be harmed when Intranet security measures are inadequate. For example, a computer hacker replaced Columbia University’s homepage with a pornographic Web site two times in February 2003 (http://www.dailyillini.com/feb03/feb26/news/stories/campus02.shtml).

      Spam negatively affects employee productivity, student learning, and network resources, such as disk storage and bandwidth. Forty percent of all e-mail is considered spam, which costs U.S. organizations more than $9 billion annually (http://www.spamfilterreview.com/spam-statistics.html). Spam is predicted to increase to 75 percent of total e-mail in 2004 (http://www.basex.com). Spamming can tarnish an organization’s image as well. For example, students at Tufts University discovered that spammers, those individuals who send unsolicited junk e-mail, were paying students to use their personal computers as relay points that helped mask the true source of the spam (Fontana, 2003). This spammer technique, known as e-mail relaying or spoofing, will often consist of transmitting a piece of e-mail (e.g., low-interest mortgages, get-rich-quick schemes, cut-rate printer cartridges, Viagra, etc.) to millions of recipients. Not only does this overload the e-mail server but the university will also receive a large number of complaints from the recipients (Cothers, 2003). 

      At James Madison University, a student computer was set up to capture passwords, email, and instant messages from other students. Weeks worth of private information and intimate conversations were then published for everyone on the network to see (http://www.jmu.edu/computing/security/sa/student/importance.shtml). Loss of privacy can shatter the trust of students about the confidentiality of their personal information (McBride, et al., 2002). Furthermore, identity theft, the number one international crime, is also possible when the hacker obtains key pieces of personal information, such as a Social Security number.

      According to the Computer Emergency Response Team (CERT), a security awareness organization located at the Software Engineering Institute at Carnegie Mellon University, no one on the Internet is immune to intruders. In fact, since CERT began operation in 1988, the number of security incidents reported to the center has grown dramatically, roughly paralleling the growth of the Internet.  Unfortunately, the Internet is extremely vulnerable to attacks because early network protocols that now form part of the Internet infrastructure were designed without security in mind. Internet attacks are typically quick, easy, inexpensive, and hard to detect or trace (http://www.cert.org/encyc_article/tocencyc.html).

 

 

 

 

Types of Security Threats

               Minoli and Minoli (1998) categorize security threats as either passive or active. Passive threats involve monitoring the transmission of data, where the goal of the attacker is to obtain transmitted information (e.g., e-mail, file, etc.).  Passive threats are difficult to detect because they do not involve alteration of data. On the other hand, active threats involve the modification of data or the creation of a false stream.  Active threats fall into one of three categories (Minoli & Minoli, 1998):

1.     Message-stream modification.  This means that some portion of a legitimate message is altered.  For example, a message that authorizes a particular name to have access to certain documents is changed to a different name.

2.     Denial of service. This prevents or inhibits normal use of communications facilities. For example, a common denial-of-service attack is to “flood” a network, thereby preventing legitimate network traffic. For example, a denial-of-service attack seriously crippled Wayne State's entire network for more than 8 hours on September 11, 2003. The attackers scanned more than 8000 computers on the Wayne State’s network looking for vulnerabilities in Microsoft Windows operating systems. Once found, code was installed to orchestrate simultaneous denial-of-service attacks from the compromised machines.

3.     Masquerade.  This type involves an attacker pretending to be someone else. At Northern Arizona University (NAU), for example, an attacker gained access to a student account and broadcasted a hateful, racist message to the entire university community.

Some specific Internet hacking techniques include (Howard, 1995):

1. Stolen access. This involves use of another user’s ID or password without permission to gain access to the Internet.
2. Stolen resources. This involves a search for servers to store stolen software and databases using the Internet as the navigation mechanism.
3. Trojan horses. These, which appear as legitimate programs, files, or e-mail attachments, are the carriers of viruses. They may be destructive or perform some covert activity designed to send data back to hackers. A recent Trojan horse presents itself to Internet users in a spam e-mail message claiming to come from eBay's online PayPal payment service. If the user downloads the Trojan horse, which could be embedded in a photograph, sound file or even a game, it is then able to spread a virus.
4. Internet viruses and worms.  A virus spreads by coping itself from one program to the next without the user knowing it. Internet viruses are designed to transverse through a network, either sending information back to the originator or doing damage to the networks it passes through.  A worm, a type of virus, does not depend upon any form of human intervention to propagate. For example, Robert Morris, a 23-year-old Cornell graduate student and son of a computer security expert for the National Security Agency, created an Internet worm in 1988 that incapacitated 6000 computers on six continents.  It involved computers at Massachusetts Institute of Technology, Rand Corporation, University of California at Berkley, three NASA facilities, and Los Alamos and Lawrence Livermore national laboratories, and was the first virus that affected a worldwide network. In January 2004, the Norvag worm, also known as Mydoom, proliferated through e-mail attachments and file-sharing services. The worm crashed computer servers and flooded e-mail boxes with messages containing subject lines like "Hello" and "Mail Transaction Failed." Recipients who clicked on the attachment enabled the worm to install a backdoor for hackers to spew spam or launch denial-of-service attacks.  In addition, the worm searched the infected computer's files for e-mail addresses and then sent e-mails, with an infected attachment, to each of those addresses plus some addresses that it made up. At one point in 2004, close to 20 percent of all e-mail traffic in the world was attributed to Norvag (http://www.nytimes.com).
5. Spyware.  This refers to any technology that aids in secretly gathering information about a person or organization without their knowledge. Information about the user is then relayed to advertisers or other interested parties. Spyware can get in a computer as a software virus. However, spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet (http://www.webopedia.com). Spyware activities include gathering passwords and credit card numbers, inundating a computer with advertisement pop-ups, compiling mailing lists for spam, changing the default home page on the Web browser, scanning files on the hard drive, tracking a user’s Internet activities and usage, and disabling a computer's Internet connection. Spyware programs consume network bandwidth and resources, may compromise the security of data, and often cause software problems within a Microsoft Windows environment. (http://www.uwm.edu/IMT/purchase/spyware.html).
6. E-mail impostures. This involves sending e-mail while falsifying the “from” field.
7. Sniffing.   If a hacker has gained access to a host, the hacker may set up sniffing programs to observe traffic and to store information (e.g., IDs/passwords) that can be used to compromise other systems.
8. Spoofing. This technique involves assuming someone else’s identity, whether it is a login ID, an Internet protocol (IP) address, or a server. Viruses commonly spoof the "From" line of an e-mail message to appear to be from a known and trusted person. Most spam messages are sent using an invalid return e-mail address or an e-mail address that prevents the recipient from identifying the sender. Spoofing also involves e-mail relay or tapping into an e-mail server through an open relay, which occurs when a server is not properly secured following installation. An open relay enables a hacker to connect to the server and to quickly generate thousands of forged e-mail messages.
9. Back doors.  Programmers may implement a secret password that allows a programmer easy access to a host or application on the host. These passwords can be infiltrated. 

 Littman (2002) maintains that cybervandals are always on the lookout for new ways to break into computer networks to snoop around, eavesdrop, modify, destroy or steal data. Therefore, organizations must plan for the different threats and vulnerabilities that could hit their organizations. For additional information on security threats and attack trends, visit the CERT Web site (http://www.cert.org/nav/index_red.html.) 

 

Security Measures

Firewalls.  This is a collection of hardware and software designed to eliminate packets, units of data, or service requests that fail to meet the security criteria established by the organization. It provides a single choke point for screening out unwanted packets (e.g., packets that contain the word X-rated in it), preventing unauthorized network access, and blocking denial-of-service and other attacks. A school should place a firewall at every connection to the Internet. Because a firewall is typically the first line of defense, it must be carefully tested before connections are established between the internal networks (Intranets) and the Internet. According to McCarthy (1998), maintaining a healthy firewall requires the development of clear firewall procedures and policies and a professional firewall administrator who is provided with routine upgrades, current patches, and training.

            Variations in the firewall architecture affect the security level and the cost and complexity of the hardware (Minoli & Minoli, 1998). A simple firewall consists of a packet-filtering router, a device that forwards packets between networks if allowed by the firewall rules. A proxy server, located between the Web browser and a real server, can also be used to filter requests. Proxy servers receive requests from inside the network that are destined for external resources, or vice versa. For example, a school might use a proxy server to prevent its students from accessing a specific set of Web sites (http://www.webopedia.com). More sophisticated firewall implementations include a bastion host, a gateway computer between an inside network and an outside network. A bastion host authenticates requests, verifies their form and content, and relays approved service requests to the appropriate network servers.  In addition, schools can improve security against internal threats by creating multiple Intranets by linking routers and possibly multiple bastion hosts whose primary function is to keep lower-security users from accessing higher-security information and programs (Charnetski, 1998).

            Wireless access adds yet another level of complexity, according to Arnold (2003). Arnold maintains that system administrators must treat each wireless access point with the same care given a network server. Middleton (2001) recommends placing a firewall between the Intranet and the wireless network. Middleton also advises installing personal firewalls on all student and employee machines, on campus and at home, with broadband or high-speed Internet connections, such as digital subscriber lines (DSL), cable modem and wireless cable networks, wireless fidelity (WiFi), and satellite modems. A personal firewall, a software application used to protect a single Internet-connected computer from intruders, is especially useful for users with "always-on" connections, such as DSL or cable modem. Such connections are particularly vulnerable to hacker attacks because they use a static Internet protocol (IP) address or an IP address that will never change no matter how frequently a user connects or disconnects from the Internet (http://whatis.techtarget.com).

The Lee County School District in Florida protects its Intranet, called LEARN (Lee Education and Resource Network), using a firewall system whose capabilities include filtering, restricting access, authenticating network access, and special automation processes.  A proxy server is located at each school to provide administrators and teachers with full control over who has access to LEARN as well as the Internet.  It enables uniform resource locator (URL) and file transfer protocol (FTP) filtering to be done on a school-by-school basis as well as funneling. Funneling enables teachers to restrict students’ access only to pre-selected Web sites, which can be automatically refreshed and cached to avoid Internet congestion during class sessions (http://www.lee.k12.fl.us/schools/tfm/school/internetpolicy.htm).

 There are hundreds of firewall products available. Most of them are very effective. However, Strebe and Perkins (2000) maintain that there are so many different ways to exploit network connections that no firewall is entirely secure.  For example, an Intranet can not be protected against attacks that do not go through the firewall, such as a dial-up connection. A virtual private network (VPN), a private network built atop a public network, allows an authorized user to establish a secure connection to the Intranet. A university employee who is careless with a user name and password can compromise the system (Arnold, 2003). A firewall can not protect an Intranet from a traitor or provide adequate protection against virus-infected programs and files and spam (Phaltankar, 2000).

            Anti-virus software. Since the arrival of computer viruses in the early 1980s, federal and state laws have been enacted to penalize computer hackers who introduced malicious viruses into computer systems. Robert Morris was convicted in 1990 under the Federal Computer Fraud and Abuse Act of 1986 and was placed on three years of probation, fined $10,000, and ordered to perform 400 hours of community service.

            Despite the growth in legal remedies, it has been difficult to prosecute perpetrators. Consequently, educational organizations have taken a defensive posture by purchasing anti-viral programs to detect viruses and Trojan horses to assist in the deletion or repair of infected files. Furthermore, every member of an educational community should be informed about safe anti-virus practices. This includes making regular backup copies of files for recovery purposes and not downloading programs and e-mail attachments of questionable origin.

There are now more than fifty thousand known viruses.  New viruses emerge on a daily basis. To ensure continued protection, anti-viral programs must be kept up to date. Anti-virus vendors usually update their software on a weekly basis. A school workstation that has outdated virus protection is at risk plus all the other computers on the network. Ideally, network workstations should be automatically updated on a regular basis. Employee and student laptops and home personal computers also require anti-virus software, which can be automatically updated when they connect to the Internet.

In February 2004, American Online temporarily blocked e-mail from NAU after receiving vast amounts of virus-induced spam from NAU. As a result, Information Technology Services  (ITS) reminded NAU users that McAfee anti-virus software is free to faculty, staff, and students at work and at home and is available from the ITS web site software download page.

Anti-spam software. Until recently, spam was only illegal if it promoted an illegal product or service. President Bush signed an anti-spam bill, known as Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam), in December 2003 to establish a framework of technological, administrative civil and criminal tools and to provide consumers with options to reduce the volume of unwanted e-mail. Critics predict that “Can-Spam, and spam legislation in general, ultimately will fail to have much of an effect on the amount of spam reaching people's in-boxes, in part because of the volume of spam coming from overseas” (http://news.com.com/2100-1028-5116940.html). Therefore, educational organizations should continue to rely on the following non-legal measures to minimize the impact of spam: 

 

1.     Install anti-spam software and keep it current. Anti-spam software is a plug-in appliance that uses a variety of technologies to detect and remove unwanted e-mail and to block relay attempts and e-mail from domains (e.g., baddomain.com) originating spam. Anti-spam solutions use different kinds of filters, such as language and keyword, which are frequently used in conjunction with each other. Keyword filters, for example, block out messages with particular words and phrases. However, spammers analyze how antispam software is detecting their activity and adjust their techniques accordingly, such as replacing the word “Viagra” with “V-I-A-G-R-A.” Consequently, antispam software vendors must constantly study new "attacks" and adjust their software accordingly (Chasin, 2003). Evolving anti-spam technologies require educational institutions to periodically evaluate the effectiveness of their anti-spam software.

2.     Educate employees and students on anti-spam software capabilities and how to respond to spam. For example, users can have e-mails containing certain key words or phrases automatically deleted while adding the sender’s name to a junk e-mail list for blocking future e-mails from that sender.  A user should never request to be removed or unsubscribed from a spammer’s mailing list. Otherwise, even more spam will probably be sent because the spammer knows that the user likely read through the junk mail trying to find out how to get off the mailing list (http://www.littler.com/nwsltr/asap_spam.html).

 

Anti-spyware software. Spyware attacks evade traditional firewalls and are immune to anti-virus technology. Spyware, like viruses, change on a daily basis making spyware-definition updates from vendors critical. Updates can be downloaded from the Internet and then distributed to all network users (Koontz, 2003). Educate employees and students about how to avoid spyware. Music and file sharing utilities are among the worst spyware offenders. The Spyware Guide (http://www.spywareguide.com) provides an extensive database of all known spyware programs and explanations of what they do to a system as well as how to eliminate them. Employees and students should also be advised to carefully read all program licensing agreements and installation instructions. Many programs inform users in the licensing agreement or installation process that their computers will receive regular advertising or promotional information after installation.

Encryption. During transmission, messages are vulnerable to eavesdropping, passive listening, or active wiretapping. Wireless circuits are easier to "tap" than their hard-wired counterparts (http://searchsecurity.techtarget.com). Furthermore, Intranets are carrying an increasing amount of confidential data. One effective method of preventing message interception is to encrypt data or to encode it into an incomprehensible form called cipher text. Once the message is scrambled into cipher text, it is sent to the recipient, who then decrypts the message back into clear text again. This process of encryption, decryption and the participants—the sender and the receiver—combine to form a cryptosystem. Keys, the equivalent of personal identification numbers (PINs), are integral to the authentication and encryption functions. They are mixed into the security process, making the output mathematically impossible to decode without knowledge of the key. Typically, the strength of an encryption key grows, as the key becomes longer (Phaltankar, 2000).

Wireless local area networks (WLANs) are becoming more prevalent on school and university campuses. However, WLAN technology often uses a weak encryption scheme called Wired Equivalent Privacy (WEP), which can be cracked relatively quickly on a busy network. Wi-Fi Protected Access (WPA) is an alternative encryption scheme that is more robust than WEP. Advanced solutions, such as Microsoft’s Extensible Authentication Protocol (EAP) and Cisco’s Lightweight Extensible Authentication Protocol (LEAP), can be used in conjunction with WEP and WPA to improve security (http://policies.csusb.edu/wirelessnetworks.htm).

Encrypt passwords traveling over networks to protect them against sniffing programs. However, not all applications encrypt passwords, like certain telnet and e-mail applications. When possible, replace programs that do not use encryption with ones that do, such as Outlook for e-mail and Tera-Term for telneting (http://www.aas.duke.edu/comp/security/certification/security.html).

Terminal use controls.  The challenge of an online system is to identify authorized users.  This can be based on what the user has (e.g., ID card), who the user is (e.g., physical characteristic), or what the users knows (e.g., password).

1.     Smart cards. One way to restrict access both on and off campus is to have users insert a smart card into a security reader attached to the computer. A smart card contains an embedded microprocessor and is used to store or process information. The computer will not "boot up" without the smart card present. This same technology could also be used for restricting access to computer labs.  Smart cards that are used in conjunction with passwords are more effective in authenticating user identity. After a small number of unsuccessful password inputs occur consecutively, a smart card can be locked, making a dictionary attack against a smart card extremely difficult. However, this approach is compromised if weak passwords are selected and users do not safeguard the cards. An alternative to a smart-card login system is a security token, a small device that plugs into a computer’s universal serial bus port. A security token, which fits on a key chain, eliminates the need of a card reader.

2.     One-time passwords. Intruders can use packet sniffers to capture passwords during remote log-in processes. Passwords required to initiate remote login connections are not protected even if they are encrypted. One-time password systems address this problem. One-time password systems generate a new password unique to each user each time access is attempted. This type of system is difficult to compromise since passwords are constantly changed (Hussain and Hussain, 1997). For example, at Mount Holyoke College, users are advised to use one-time passwords when logging in from insecure locations (http://www.mtholyoke.edu/lits/network/q1/sec.shtml)

One-time password generators include handhelds, soft tokens, key fobs, and smart cards with readers. Panda, for example, is a one time password system that uses Palm OS handhelds for gaining entry into a VPN (http://www.coopcomp.com/panda). With a soft token, the user types a PIN or a password into the computer to generate a one-time password. With a key fob, the user pushes a button on the fob to generate a one-time password, which the user types in to gain access. A key fob connects easily to any key ring and fits into a user's pocket or small carrying case. With a smart card and reader, the user inserts the card into the reader and then the computer generates a one-time password to permit access (Gaskin, 2002).

3.     Passwords. Every account should have a password that is difficult to guess and changed on a regular basis. The best passwords are at least eight characters long and have both upper and lowercase characters and a mixture of letters, numbers, and special characters (Phaltankar, 2000). However, when users replace existing passwords, they often change just one character or number at the end of the password (e.g., "password1" "password2", etc.)  Advise users against this common password-change practice because it enables attackers to easily guess current passwords if they intercept "expired" passwords (http://www.smat.us/sanity). Furthermore, advise users to keep passwords private and to select passwords that are easy enough to remember without be written.  Attackers search for written passwords. For additional information on password security, visit the Duke University Office of Information Technology Web site (http://www.oit.duke.edu/security/password.html.

       Biometrics. This term refers to a range of authentication systems that measure a biological feature, such as a fingerprint or an eye or voice pattern, to identify an unknown user or to verify the claimed identity of a person through an automated process. Jain and Ross (2004) maintain that biometric systems have an edge over traditional security methods in that they cannot be easily stolen or shared and alleviate the need to design and remember passwords. Fingerprint comparison is the most commonly used method of biometric authentication  (http://www.infosecguru.com/biometric.html). However, fingerprints and other traits are susceptible to spoof attacks. Identification based on multiple biometrics, an emerging trend, successfully resolves this problem. For example, a multimodal biometric system can integrate face recognition, fingerprint verification, and speaker verification in making a personal identification (Jain & Ross, 2004).

       A number of vendors sell inexpensive devices that read fingerprints, retinal patterns, and the like. Thus, the implementation of biometrics in educational institutions is now possible (Goldberg, 2003).

       Biometric security may help maintain the integrity of online programs. For example, the computer-based testing center at George Mason University is adding a biometric fingerprint scan to prevent unauthorized individuals from taking examinations.(http://www.idynta.com/education.htm).

            Software security patches.  Security flaws in applications, such as Microsoft Windows, have left many organizations vulnerable to Internet-borne viruses and worms.  Consequently, software manufacturers distribute software patches to fix security flaws with their applications. Keeping software patches up-to-date is crucial to system availability. Security patches are installed manually or automatically. For example, Clarkson University uses an application developed by Tripwire, a provider of integrity management solutions, to install software patches across their network in minutes (http://www.tripwire.com).

            Intrusion detection systems.  An intrusion detection system (IDS) monitors computer activities to detect and report security violations.  It should be used with firewalls and complementary security products, such as antivirus, authentication, and encryption tools.  According to Crothers (2003), an IDS can be an extremely valuable tool when implemented correctly. For example, the Colorado Springs School District 11 has successfully monitored and tracked undesirable activities and unauthorized log-ons using the eTrust IDS (http://ca.com).

            Security policies.  Security policies define the rules by which all participants must abide (Phaltankar, 2000). They address such things as basic security elements (e.g., passwords), data and hardware components and the depth of security required to protect them, the use of computers by employees and students, the management and deployment of security mechanisms, disaster recovery and business continuity plans, access to and from external networks, virus protection, software copyright laws, and physical security (Bruce and Dempsey, 1997).  Appropriate use of Internet resources also requires the creation, implementation, and consistent enforcement of an Acceptable Use Policy (AUP).  To be effective, the AUP should include acceptable uses and rules for "online etiquette" as well as access privileges and penalties for violations of policy.  Many educational organizations have created AUPs and have posted them on the Internet. 

            An important responsibility of network security personnel is to ensure that all employees and students understand organizational security policies and abide by them (Phaltankar, 2000). Security policies should be easy to read and understand, easily accessible, updated on a regular basis, and supported by top administrators (McCarthy, 1998). 

Conclusion

            The use of the Internet by educational organizations is extensive and rapidly increasing. However, with easy access to information and applications come new risks, particularly as Internet-based networks increase in complexity and scope. The need for educational organizations to be proactive in securing their Intranets has never been greater. Well-trained and experienced network security personnel are required to conceive a security plan that identifies the appropriate structure, security policies, and technologies. 

 References

 

Arnold,S (2003, January/February). Ten Intranet security pitfalls and how to avoid them.

    Intranet  Professional, 6 (1), p.1.

Bruce, Glen & Dempsey, R. (1997). Security in distributed computing. Saddle River, NJ:

    Prentice Hall PTR.

Charnetski, J. R. (1998), Avoid disaster: Use firewalls for Inter-Intranet security.

    Computers in Libraries, 18 (9), 44-48.

Chasin, S. (2003). Spam wars: The battle wages on. Denver Business Journal, 55 (16), 1.

Clements, G. (2003, September 19).Pirates of the campus playing music to RIAA's ears.

    Charlotte Business Journal. Retrieved January 19, 2004 from  

     http://www.bizjournals.com/charlotte/stories/2003/09/22/smallb4.html.

Crothers, T. (2003). Implementing intrusion detection systems: A hands-on guide

    for securing the network. Indianapolis, IN: Wiley Publishing, Inc.

Fontana, J. (2003,  February 24). Are spammers hiding behind students? PC World.

    Retrieved January 25, 2004, from

    http://www.pcworld.com/news/article/0,aid,109476,00.asp

Gaskin, J. (2002). CryptoCard protects your portable devices. PC  World.

    Retrieved January 25, 2004, from

     http://www.pcworld.com/news/article/0,aid,98863,00.asp

Goldberg, L. (2003). Creating safer and more efficient schools with biometric

    technologies. T.H.E. Journal.

    Retrieved March 1, 2004, from http://www.thejournal.com/magazine/vault/A4484.cfm

Howard, G.S. (1995). Introduction to Internet security: From basics to

    Beyond. Rocklin, CA: Prima Publishing.

Hussain, K.M. & Hussain, D.S. (1997). Telecommunications and networks. Boston,

    MA: Butterworh-Heinemann.

Jain, A. K. & Ross, A. (2004). Multibiometric systems. Communications of the ACM,

     47 (3), 34-40.

 

 

Koontz, R. (2003). Spyware removal tools stop snoopers. Network World. Retrieved

     February 10, 2003 from

     http://www.nwfusion.com/news/tech/2003/0929techupdate.html

Littman, M. K. (2002). Building broadband networks. New York, NY: CRC Press.

McBride, P., Patilla, J., Robinson, C., Thermos, P., & Moser, E. P. (2002)

    Secure Internet practices. Boca Raton, FL: MEYTASeS.

McCarthy, L. (1998). Intranet security: stories from the trenches. Mountain View,

    California: Sun Microsystems, Inc.

Middleton, J. (2001). Save your wireless networks from hackers. VNU Business

    Publications Ltd. Retrieved February 06, 2004 from

    http://www.vnunet.com/Analysis/1124135.

Minoli, D. & Minoli, E. (1998). Web commerce technology book. New York,

    NY: Mcgraw-Hill Companies.

Phaltankar, K. M. (2000). Implementing secure Intranets and Extranets. Northwood,

   MA: Artech House, Inc.

Strebe, M. & Perkins, C. (2000). Firewalls: 24 seven. Alameda, CA: Sybex, Inc.