Determining Windows 2000 Network Security Strategies |
Most organizations work in a complex world of relationships between customers, vendors, allied companies, suppliers, consultants, regulators, and others who work with the organization. Many of these partners, as they are often called, benefit greatly from direct access to your company's data and applications. However, providing such access can create considerable risk of exposing advantageous or sensitive information to the wrong people, or can create the risk of people maliciously controlling the corporate computer infrastructure. Therefore, networking security strategies must be employed effectively to give partners only the most appropriate access.
The collection of network and security technologies that allows partners to access your corporate network is often called an extranet. Extranets frequently employ the same technologies as previously discussed to provide access to staff and users, such as VPNs and Routing and Remote Access. A distinguishing characteristic of partners, however, is that they might always communicate with your company from a specific location and through a predefined link. Therefore, you can configure your proxy server to allow the extranet link from only that network address.
When you are considering which partners will use your extranet, make certain you determine what business units they will communicate with. Typically, partners fall into distinct categories that communicate primarily with distinct parts of the company. Some might work with shipping and receiving, others with engineering, and others strictly with sales.
Deploying network security strategies for partners is different from deploying for users or staff, primarily because extranets can quickly become mission critical for your partners. Corporate employees usually have the option of coming into the office to access corporate resources. Partners only have the option of using the extranet (or falling back to traditional means). Employees are also likely to work with relatively small quantities of data at any given time, whereas partners often generate considerable data to be processed by your computers and transmitted through your network.
Partners and business units are also very sensitive to the timeliness of the extranet service. Business functions are often dependent on the data that is exchanged and delays can be very costly. The extranet needs to be reliable, and when any issues arise, the partners and business units need to be able to contact someone who can fix the problems quickly.
The business units that supply services over the extranet have particular business issues and constraints in mind. They also have systems and staff with a history that is unique when compared to other parts of the company. Therefore, it is not unusual for some business units to have extranet requirements that are different from other business units.
For these reasons, a strategy for deploying network security to partners needs to emphasize reliability, scalability, flexibility, and supportability. Staffing is particularly critical, along with thorough pilot testing, policy and procedure development, and communication. The network security technologies included with Windows 2000 provide the basis for a secure extranet, but the primary differences between your extranet security strategy and your internal network security strategies will be in your policies and procedures.