Integrating E-mail: From the Intranet to the Internet
By Simon Collin
Security on the Internet
Security on the Internet
This section covers security over the Internet, which is particularly important when linking an internal mail system with the Internet or when using the Internet as a convenient WAN to link remote offices. Of equal importance, the Internet often is used as a method of distributing authenticated certificates from an external source (for example, by downloading a certificate from a company such as VeriSign).
Security on the Internet or an intranet is a worry because of the lack of security within the TCP/IP protocol used for all communication. Add to this the way in which commands and messages are sent as plaintext over the network and you can get paranoid about the risks to your server. However, you are not the only one worried. Users can never be quite sure that they are connected to a reputable server who really represents the company they expect, unless you fit security measures to help the user.
Security Loopholes in TCP/IP
TCP/IP is the main protocol suite used within the Internet; and for this, it is an excellent, flexible, and multipurpose solution. However, the one feature it is not designed to handle is the provision of secure communications. Because of this, you must add utilities and tools to your server to protect it from intruders arriving via TCP/IP with its zero security.
Several problems must be addressed when establishing security on a Web server?some are for your benefit, others are for the benefit of the visitors to your site.
Copyright Simon Collin 1999 under license agreement with Books24x7