Some of the most popular services offered by the Internet are E-mail, Usenet, File Transfer Protocol (FTP). The amount of information available on the Internet is so extensive that the only way to navigate through the Internet is by using Search tools, such as Web search engines, Archie and Gopher.Other services on the Internet are Bulletin Board Service (BBS). BBSs provide a forum for group of people to meet and to make postings. Usenet is one of the Biggest Bulletin boards. Usenet is an enormous, and distributes a large amount of information about various topics on a daily basis. The Internet also offers you a remote login service to provide connections between computers and authorized remote systems. This service is made possible using a technology called TELNET. Using TELNET, you can log in to another computer that may be located anyway in the world. You can use the Internet to transfer files between computers at different locations. This service is called File Transfer Protocol (FTP). The prospect of full-featured Internet connections raises security concerns with many computer system administrators. They correctly recognize that the exposure of computer systems to intrusion increases when those systems are connected to networks. It is also true, however, that the power of modern automation depends on computer network connections. Avoiding security problems by refusing to establish connections is like avoiding security problems by refusing to have computers. There are well recognized security techniques that minimize the risks of Internet connections. The most straightforward involve the establishment of "firewall machines" to serve as buffers between the worldwide Internet that contains intruders and the presumably secure internal networks. A firewall employs two types of precautions. First, it utilizes one or more computers to serve as "chokes" -- specialized routers -- and specialized "gates." A choke and the gate prevent outsider from establishing connections directly to any internal server or workstation. The choke directs all outside transactions to the gate, which in turn can route certain kinds of traffic and transactions to internal servers and workstations. "The choke is a kind of intelligent filter: it is set up so that only the gate machine can talk to the outside world." 1 The gate usually is "stripped down" to eliminate high risk services like UNIX's rlogin and rexec, while allowing the most useful electronic publishing and interactive protocol such as telnet, FTP, SMTP, NMTP, name, and domain. 2 This machine can be the anonymous FTP server, but it should not be the general file server for any internal network. 3
The firewall insulates the law firmís LAN from the external Internet, preventing unauthorized access to the LAN. Additionally, a proxy service can be used as part of the firewall to allow members and employees of the firm to access the outside Internet while still preventing outsiders from initiating access to the LAN. With proper security measures, a LAN connected to the Internet is not any less secure than a LAN not connected to the Internet.
1 Simson Garfinkel & Gene Spafford, Practical Unix Security, 298 (1991).
2 Garfinkel & Spafford at 297. The Garfinkel & Spafford book is a good technical-level explanation of unix security for system administrators. It is one of the books in the O'Reilly & Associates series.
3 This firewall configuration is one that exists naturally for organizations that have Novell Local Area Networks, equip workstations on those networks with TCP/IP software, and connect the Local Area Networks in turn to a UNIX Internet server. Each workstation can access the Internet server, but -- as long as TCP/IP Netware Loadable Modules are not put on the Novell server -- persons accessing the Internet server from the outside cannot access the Novell server for the Local Area Networks. Nor can they access individual workstations except when those workstations actually are running the TCP/IP software.
Table of Contents