Intranets are vulnerable because of the openness of Internet technology. Look at it this way: There's a door between your intranet and the Internet that lets users inside an intranet go out onto the Internet to get information. That same door can let intruders from the Internet into your intranet.

Computer viruses can be brought in to the intranet with an innocent looking software picked up on the web. It can then infect the other machines on the intranet, damaging millions of dollars worth of hardware and software. There are ways to combat these problems. Any LAN needs to have a comprehensive security system in place. In addition to considering the nature of the threats that require defensive measures, you must evaluate factors such as the size of the intranet and/or company, the value or confidentiality of the informations, and how important an uninterrupted, operational intranet is to the company.

Technology changes all the time, so the system needs to be constantly monitored and updated. Security systems are generically referred to as firewalls. Firewalls are hardware/software combinations that allow people from inside an intranet to access data on the web, but keep intruders from getting onto the intranet. In fact, firewalls are only one part of a comprehensive intranet security system. Routers play a major role in firewalls and are important in any security system. Routers are the technology that lets people on the intranet connect to the Internet, and allows data from the Internet to get to users on the intranet. Because all data going to and from the web passes through routers, they're a logical place to put security measures. Proxy servers are another important tool in the fight for intranet security. They allow people on an intranet to get to web resources, but the proxy servers act as a kind of go-between. In a system set up with a proxy server, this process can be invisible to the user making the request.

Another kind of server important for intranet security is a bastion server. A bastion server is configured especially to resist attacks. Frequently, it is put on its own subnetwork, known as a perimeter network. That way, if the bastion server is attacked and broken into, the intranet is still shielded-the only part compromised is the bastion server. Encryption and authentication systems are used to prevent unauthorized access to an intranet. Encryption can be used to protect data and passwords. Encryption depends on the use of secret and/or public keys.

User names and passwords can be compromised fairly easily, allowing someone to masquerade as a legitimate user. Viruses are a major concern to anyone running an web. While the threat of viruses is undoubtedly overblown by the news media, the truth is that viruses are a problem and a potential danger. One way to solve the problem is to use traditional virus scanning and eradication software. This software runs on each user's computer, and allows people to check their computers for viruses, and to kill the virus if at all possible. Traffic monitoring is another method to maintain a secure LAN. This is software that sits on a server, and monitors all traffic between the Internet and the intranet. It can also monitor all traffic on the intranet itself.

The intranet administrator can set rules and decide what kind of traffic to track. The nature of the traffic is the area of concern when trying to assure yourself that only authorized users and services are involved.