Basics of implementing security on an intranet or hosted services

Today when corporations are turning to Web-based communication channels, the security issue should be one of the prime concerns. Unfortunately, this is not always true, especially when it comes to intranets. Studies have shown that a majority of the attacks originate from within the company. If you are the Intranet content owner, don't fall into the trap of believing that all is well because your intranet is protected by the corporate firewall. To come up with a good security model, you first need to answer some serious questions. The answers to these questions will work as basic steps towards security:

• Identify what needs to be secured: Here you identify the content.
• Distinguish between public and internal intellectual property information. This can further be divided into loose and sensitive information.
• Identification of User groups
• Access authorization and control procedures
• Incident response, in case of misuse or attack
• Backup procedure and disaster recovery

From a network security standpoint:

• Never have a false sense of security. Consider this as the first and most important rule.
• Have a well defined security policy
• Never create too many pin holes in your firewall to allow access.
• Use a good VPN solution to provide secure Intranet access to your remote clients.
• At a bare minimum, encrypt the login process using SSL.
• If the site is hosted at an ISP, make sure all the security guidelines are in place.

Let me know if you need more information .

-Puneet