Handbook of Local Area Networks, 1998 Edition:Applications of LAN Technology Click Here! Search the site:   ITLibrary ITKnowledge EXPERT SEARCH Programming Languages Databases Security Web Services Network Services Middleware Components Operating Systems User Interfaces Groupware & Collaboration Content Management Productivity Applications Hardware Fun & Games EarthWeb sites Crossnodes Datamation Developer.com DICE EarthWeb.com EarthWeb Direct ERP Hub Gamelan GoCertify.com HTMLGoodies Intranet Journal IT Knowledge IT Library JavaGoodies JARS JavaScripts.com open source IT RoadCoders Y2K Info Previous Table of Contents Next Firewall Software An application-level firewall acts as a security wall and gateway between a trusted internal network and such untrustworthy networks as the Internet. Access can be controlled by individuals or groups of users or by system names, domains, subnets, date, time, protocol, and service. Security is bidirectional, simultaneously prohibiting unauthorized users from accessing the corporate network while also managing internal users’ Internet access privileges. The firewall even periodically checks its own code to prevent modification by sophisticated intruders. The firewall gathers and logs information about where attempted break-ins originate, how they got there, and what the people responsible for them appear to be doing. Log entries include information on connection attempts, service types, users, file transfer names and sizes, connection duration, and trace routes. Together, this information leaves an electronic footprint that can help identify intruders. WEB DATA BASE CONSIDERATIONS Internet servers are the repositories of various data bases. These data bases may be set up for public access or for restricted intracompany access. In either case, the challenge of maintaining the information is apparent to IS professionals charged with keeping it accurate and up to date. Vendors are developing ways to ease the maintenance burden. For example, data base management vendors such as Oracle Corp. offer ways of integrating an existing data warehouse with the Internet without having to reformat the data into HTML. The data is not sent until a request is received and validated. In addition, the server supports HTTP-type negotiation, so it can deliver different versions of the same object (e.g., an image stored in multiple formats) according to each client’s preferences. The server also supports national language negotiation, allowing the same document in different translations to be delivered to different clients. The data base server should support the two common authentication mechanisms: basic and digest authentication. Both mechanisms allow certain directories to be protected by user name/password combinations. However, digest authentication transmits encrypted passwords and basic authentication does not. Other security extensions that may be bundled with data base servers include secure HTTP (S-HTTP) and SSL standards, which are especially important in supporting electronic commerce applications. Maintenance and Testing Tools The maintenance of most Web data bases still relies on the diligence of each document owner or site administrator to periodically check for integrity by testing for broken links, malformed documents, and outdated information. Data base integrity is usually tested by visually scanning each document and manually activating every hypertext link. Particular attention should be given to links that reference other Web sites because they are usually controlled by a third party who can change the location of files to a different server or directory or delete them entirely. Link Analyzers Link analyzers can examine a collection of documents and validate the links for accessibility, completeness, and consistency. However, this type of integrity check is usually applied more as a means of one-time verification than as a regular maintenance process. This check also fails to provide adequate support across distributed data bases and for situations in which the document contents are outside the immediate span of control. Log Files Some types of errors can be identified by the server’s log files. The server records each document request and, if an error occurred, the nature of that error. Such information can be used to identify requests for documents that have moved and those that have misspelled URLs, which are used to identify the location of documents on the Internet. Only the server manager usually has access to that information, however. The error is almost never relayed to the person charged with document maintenance, either because it is not recognized as a document error or because the origin of the error is not apparent from the error message. Even with better procedures, log files do not reveal failed requests that never made it to the server, nor can they support preventive maintenance and problems associated with changed document content. With a large and growing data base, manual maintenance methods become difficult and may eventually become impossible. Previous Table of Contents Next Use of this site is subject certain Terms & Conditions. Copyright (c) 1996-1999 EarthWeb, Inc.. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Please read our privacy policy for details.