Would you like to make this site your homepage? It's fast and easy...
Yes, Please make this my home page!
RESEARCH PAPER - PART II
Siemen's, Inc.
V. REVIEW OF RELATED LITERATURE
An intranet is very similar to a World Wide Web site. It functions in much the same way in that information is stored on web pages and hyperlinks are used to move through the information. The major difference between an Intranet and a web site on the Internet is that the Intranet is only accessible to the computers connected to the local area network on which the Intranet files are saved. http://www.lea.co.nz/ICT/eResources/Intranets.htm
If there was ever a mega trend in technology, it's Internet computing. The Intranet is a term that is used to describe the application inside a corporation. Internet computing seems to be an overnight sensation.
It is nearly impossible to give a Webster's definition of an Intranet. But the following definition works the best for the purpose of this paper:
"An Intranet is a corporate network and the business applications that run on it shares the DNA of Internet computing technologies (e.g., Internet Protocol, browsers, Web servers) and exist behind a corporate security firewall (Guengerich, 1997)."
In other words an Intranet is a secure, internal, single company implementation of the Internet. All of the technology that was originally applied to the Internet (Internet Protocol, IP, World Wide Web, www, and browsers) is now being used for the Intranet applications. They are being applied inside the security of as company's firewall. All this is found at http://www.ecst.csuchico.edu/~carlosa/gifs/INTRANET.htm
The URL, http://flux.cpmc.columbia.edu/edu/G4040.fall.1996/intranet/intranet.html ,
Says that the Intranet market is just beginning to develop, as are many of the dynamic technologies and products that will facilitate its evolution. Organizations with an existing TCP/IP internetwork infrastructure are implementing pilot projects utilizing Internet protocol suite technologies, and newly developed client/server Web technologies. In many organizations Web servers are popping up like weeds, uncontrolled by management, primarily because of easy access to public domain software (NCSA&CERN Web server software, etc.), and overall ease of implementation and use.
Here in the URL http://lm.net.au/~mbhigh/98saswebpages/mleckie/WebPages/WhatistheIntranet.htm
the 10 most important issues about the Intranet is discussed. For example: What does the business gain? Is it manageable? How secure is it? And other issues as such.
In the site http://www.slb.com/Hub/Docs/tt/nws/consulting/tech_briefs/pki.htmlPrinciples of Public Key Infrastructure are found. Principles such as: symmetrical key systems use a shared secret to encrypt and decrypt messages. A separate secret key is needed for each correspondent pair. Moreover, asymmetrical key systems use a public and a private key pair to encrypt and decrypt messages.
The purpose of a public-key infrastructures is to provide automatic authentication and other security services for entities and individuals who exchange documents on electronic networks. The functions of a PKI include creating certificates, storing public keys, and tracking expiration dates of certificates. By managing these keys and certificates, an organization establishes and maintains a trustworthy networking environment. Public Key Infrastructure in electronic court filing is found at http://gsulaw.gsu.edu/lawand/papers/sp98/miller.html PUBLIC KEY.
This URL, http://www.deadiversion.usdoj.gov/ecomm/csos/concept/section4/4_1.htm has a section on Controlled Substances Ordering System (CSOS) that introduces the concept of operations for the CSOS PKI. It discusses information flow between PKI components from both functional and network viewpoints. This section discusses: (1)The CSOS PKI functional design concept, presenting the concept of operations for the information flow between the DEA, the Customers, the Suppliers, and the CSOS PKI components. (2) The CSOS PKI network design concept, presenting the concept of operations for connectivity between the DEA, the Customers, the Suppliers, and the CSOS PKI components. (3) The CSOS PKI certification authority design concept, presenting the concept of operations for trust model for the CSOS PKI.
VI. FRAMEWORK OF THE STUDY
The study is generally based on finding out the technological innovations of Siemens, Inc. to ensure security of highly confidential data. On the other hand, even if Siemens have all the technological innovations to ensure privacy and confidentiality in the Intranet, it is still possible that unauthorized transactions on the Intranet may take place, and that is if those who have access to the Intranet relay access codes and procedures to those unauthorized colleagues. Yes, in the past, certain instances as such have occurred.
VII. METHODS AND PROCEDURES
Researchers
The researchers are Organizational Communication majors who have conducted several research projects in past courses particularly in RESERCH, ETHICOM, ORGADEV. In addition to this, the researchers have also done case studies in COMTHEO and a few other subjects in the past. The researchers have also experienced doing survey interviews for organizations outside DLSU, including the production of PR kits and the like.
Instrument
The instrument used by the researchers is an interview schedule. The researchers have conducted an interview with an employee of the I.T. Department of Siemens, Inc that covered much about everything found in the gathered data.
Respondent
The respondent of the interview is Mr. Jojo Bustamante who is a current employee of the I.T. Department of Siemens, Inc. He is a graduate of De La Salle University and has been working for the company for over 5 years now.
VIII. GATHERED DATA
It was first mentioned in the interview that the ratio of the number of employees to the number of CPU's in Siemens, Inc. is 1:1. Each and every CPU had access to the Internet but not all had access to the Intranet. The only employees having authorized access to the Intranet were those of top-management and those ranking close to top-management. These authorized users were the only ones given a user name and password to have access to the Intranet. Even though authorized employees were the only ones to have a user name and password for access to the Intranet, there were a few minor cases were in the confidentiality of the content of the Intranet was threatened because of the negligence of authorized employees towards the responsibility of data confidentiality.
How? Confidential data such as business transactions and accounts, for example, were found in the Intranet. The security of this confidential data was in a somewhat danger because authorized users of the Intranet gave their user name and password to close colleagues so that their co-workers could do their work for them over the Intranet when they needed and extra hand or so. Obviously, this is strictly prohibited.
Through time, they found another way to secure access to the Intranet. This was by installing the software Private Key Infrastructure (PKI). The PKI is a technology that enables users of a basically unsecured public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for digital certificates that can identify individuals or organizations and directory services that can store and, when necessary, revoke them.
The interviewee mentioned that, soon, they will be using another innovation, in much relation to PKI, called a Key Card. This hardware consists of a certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key. A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor.
The Intranet has rapidly become a key element in creating and deploying solutions for the effective exchange of information in large, networked organization. In particular, growth in its use for business purposes has been dramatic. For many uses, security is a key consideration. Notably:
· Server authentication-To enable clients to verify the server they are communicating with.
· Client authentication-To allow servers to verify the client's identity and use this as a basis for access control decisions.
· Confidentiality-Encryption of data between clients and servers to prevent its exposure over public Networked links.
