3.9. Identifying Characteristics and Purposes of Extranets and Intranets

Just as the technologies of networking have evolved, so has the terminology that we use to talk about networks. Before the Internet was popular, there was no need to talk about other types of networks because all networks were just...well, networks. Now that the Internet is commonplace, we also need to define the types of networks that are not connected to or not included in the Internet. In this section, we will discuss the two other types of networks that are commonplace in today's business environment: extranets and intranets.

3.9.1. Critical Information

Many organizations have both extranets and intranets, which they use on a daily basis. Although both extranets and intranets are used primarily for business reasons, they are very different in their design and in their purpose. You should be able to recognize the differences between an extranet and an intranet. You should be able to identify the main characteristics and purposes of extranets and intranets.

3.9.1.1. Extranets

Your organization may want to give employees of another organization access to some parts of your network. You may want to provide this access because you are working closely with the other organization. Perhaps the employees need access to your inventory or to your pricing on specific items so that they can correctly price and promise delivery on a product for which your organization supplies parts. Perhaps you are a delivery company that gives access to your computers so that your customers will know where their package is in your system and therefore will trust you more in regard to a delivery date. These are just a couple of reasons that a business might use an extranet.

The main goal of an extranet is to provide a vendor or a partner with a value-added resource in the form of access to your network. When you provide an extranet, you must keep in mind the security risks. There are two main security considerations in regard to extranets. You should be familiar with these security risks and the tools that you can use to mitigate them.

First, there's the concern of authentication to your network. If you want to give someone access to your network, then you need to make sure that the entity that you're giving access to is actually the one that was intended. Information that is benign in the hands of your vendor or partner may be sensitive if it falls into the hands of your competitor. For example, the knowledge that you plan to build a certain number of units of a given product might be of great interest to a company that builds a competitive product.

Second, there is a concern of permission and authorization to resources. Just because you want to give a vendor access to your inventory reports does not mean that you want them to have access to your executive payroll reports as well. If anyone is accidentally given access to this type of information, it becomes very hard to undo the damage that has already been done. You can't just erase the memory from the user's head!

To combat the problems regarding authentication, strong authentication protocols such as certificate-based IPSec should be used. This will ensure that you're communicating with the vendor or the partner that you intended. To address the issue of permissions and authorization to resources, carefully configure NTFS and share permissions for the users who will be accessing your resources. Some organizations create a new user account for each of the employees of the other organization. They then map the user's certificates to the new account for the purposes of authentication and authorization to resources. Server operating systems such as Windows 2000 and Windows Server 2003 provide the capability to map certificates to user accounts.
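The authorization concern above can be checked on a file server. The following PowerShell sketch is an added example, not part of the original text: it lists share permissions and NTFS allow entries that name partner accounts on folders outside an approved list. The share root, the EXTRANET account prefix, and the approved folder names are hypothetical placeholders, and the script assumes a current Windows Server with the SmbShare module.

```powershell
# Added example. Every path and account name below is a hypothetical placeholder.
$ShareRoot       = 'D:\Shares'
$PartnerPattern  = '^EXTRANET\\'   # accounts or groups created for partner staff
$ApprovedFolders = @('D:\Shares\Inventory', 'D:\Shares\Pricing')

# True when $Path is an approved folder or lies beneath one.
function Test-IsApproved {
    param([string]$Path)
    foreach ($ok in $ApprovedFolders) {
        if ($Path -eq $ok -or
            $Path.StartsWith($ok + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Share permissions: every non-administrative share entry that names a partner.
Get-SmbShare -Special $false |
    Get-SmbShareAccess |
    Where-Object { $_.AccountName -match $PartnerPattern } |
    Format-Table Name, AccountName, AccessControlType, AccessRight -AutoSize

# NTFS permissions: walk the tree and report partner allow entries
# on any folder that is not on the approved list.
$folders = @(Get-Item -LiteralPath $ShareRoot) +
           @(Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    if (Test-IsApproved -Path $folder.FullName) { continue }
    $acl = Get-Acl -LiteralPath $folder.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -match $PartnerPattern) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Folder, Identity | Format-Table -AutoSize
```

The report only catches entries that name a partner identity directly. Access that partner accounts receive through broad groups such as Everyone or Authenticated Users needs a separate review of those groups' entries.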

3.9.1.2. Intranets

As you know, some resources in an organization are only useful and appropriate to the employees of that organization. Suppose your organization wants to share these files and folders with all of the employees who need them. You could share them in the file and folder structure of the network so that users could access them with My Computer or Windows Explorer, but another method of sharing these resources is to place them on a web server so that the users can access the resources from any browser. If the pages on the web server are accessible only from within your own network, then you have truly created an intranet. If the pages can also be accessed by users from outside the organization, then you have created a secure web page for outside users and an intranet on the inside of your network.

The main purpose of an intranet is to share information within an organization and allow users to access that information with their browsers. Security concerns are the same as with any other information in the network, but permissions can be controlled with web-based permissions as well as NTFS and share permissions. Authentication is typically provided as a pass-through from a user's logon credentials. In other words, the user who is already logged on to the network will typically not have to authenticate again to access an intranet page.

3.9.2. Exam Essentials

Know the purpose and characteristics of an extranet. The main purpose of an extranet is to provide a value-added resource to a vendor, supplier, or partner of an organization. An extranet creates concerns in regard to authentication and authorization, and should be protected using strong authentication protocols, certificates, and closely monitored NTFS and share permissions.

Understand the purpose and characteristics of an intranet. The main purpose of an intranet is to provide users with access to files and folders through their browsers. True intranet resources are not available on the Internet. Authentication and authorization for intranet resources are really no different from those for other resources and in fact are often a pass-through from the user's normal logon credentials.
