Are you safe from Significant Threats Traced to Outside Vendor Access?

Do you have software that requires special firewall exceptions? Do you have payment or other machines on your network that need internet access? If so, these systems may get compromised and infect your computers too. They are considered trusted, but is their security kept up to date?

Three main risks to an organization that contracts deployment of an extranet are threats to access control, authentication, and confidentiality. Access control to the network is usually provided through the firewall. Organizations provide openings in the firewall for extranets to gain access, which increases the risk of unauthorized access. If connecting extranet partners lack an understanding of an organization's security policies or requirements, they could expose the network to unauthorized users and threaten proper authentication. Confidentiality is threatened if extranet partners do not properly protect information maintained on the extranet or in transit to the extranet from the organization's database (Thorpe, 2006).

The vulnerabilities in the firewall can be mitigated by using Virtual Private Networks (VPNs). A VPN encrypts data connections and maintains a higher level of integrity and authentication. Vulnerabilities in user authentication can be mitigated by using a physical device such as a smart card as part of multifactor authentication. Another best practice is to combine a user password with a random, time-synced password issued by the organization (Maier, 2000). An organization can prevent an extranet from accessing improper data. However, threats to confidentiality are also mitigated by a cybersecurity policy that forces the extranet partner to take steps to keep data secure in transmission. Extranet partners must also ensure the person receiving the data is authorized to view it (Kabachinski, 2006).
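The password plus time-synced password check described above can be sketched as follows. This is an added example, not code from the original article: it assumes RFC 6238 TOTP as the time-synced scheme (the article names no algorithm), and `PartnerAccount`, the 30-second step and the PBKDF2 settings are hypothetical choices.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid (assumed; the article gives no parameters)
DIGITS = 6   # code length (assumed)

def totp(secret: bytes, now: float, digits: int = DIGITS) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked account table is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class PartnerAccount:
    """Hypothetical record for one extranet partner user."""

    def __init__(self, password: str, salt: bytes, secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.secret = secret          # shared with the user's token or app
        self.last_step = -1           # highest time step already accepted

    def verify(self, password: str, code: str, now=None, drift: int = 1) -> bool:
        """Return True only if both the password and the current code are valid."""
        now = time.time() if now is None else now
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        step_now = int(now) // STEP
        matched = None
        # Tolerate `drift` steps of clock skew between token and server.
        for step in range(step_now - drift, step_now + drift + 1):
            expected = totp(self.secret, step * STEP).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        # Each code is accepted once, so a code captured in transit
        # cannot be reused while its time window is still open.
        if not pw_ok or matched is None or matched <= self.last_step:
            return False
        self.last_step = matched
        return True
```

The drift window trades usability against exposure: each extra step of tolerance lengthens the time an intercepted, unused code stays valid.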

References:

Kabachinski, J. (2006). Virtual private networks can provide reliable IT connections. Biomedical Instrumentation & Technology, 40(1), 51-54. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=ccm&AN=106111103&site=eds-live&scope=site

Maier, P. Q. (2000). Ensuring extranet security and performance. Information Systems Management, 17(2), 33. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=bth&AN=2865205&site=eds-live&scope=site

Thorpe, S. W. (2006). Extranets: Applications, development, security and privacy. In H. Bidgoli (Ed.), Handbook of information security (Vol. 1). New York, NY: John Wiley & Sons.
