Internet, extranet and intranet

Introduction
The continuing innovation of the internet means the boundaries of what’s possible
are constantly moving. If you've worked at a medium to large business with a
network before, you probably know that employees can access and use the internet
from their devices. But they also have access to a restricted net for internal
purposes. Well, this is called the company's intranet, but it’s not just a smaller
internet. Actually, they are very different concepts. Did you know that there is also
something called an extranet? But how do an intranet and extranet differ from the
internet?
In this reading, you’ll explore what an intranet and an extranet are and how they
differ from the internet by exploring some use cases.
Internet
Earlier you learned that the internet is a global network that connects computers
and other devices across the world. It’s a public network that allows you to access
information and services from anywhere in the world. Remember, the internet is an
open network, meaning that anyone can access it, and it’s not owned by any single
organization or entity.
Intranet
However, an intranet is different, it’s a private network that’s used within an
organization to share information and resources. It’s similar to the internet but is
restricted to authorized users. You access it from within the organization's network,
but it can also be accessed remotely through a VPN (Virtual Private Network)
connection. You will learn more about VPNs later.
The intranet is used for a variety of purposes, including:
 Internal communication: Including email, messaging, and video
conferencing.
 Resource sharing: Including sharing documents and other resources within
the business.
 Knowledge management: It can also be used for sharing knowledge and
expertise, such as best practices, training resources, and policies.
 Project management: It can be used for managing projects within an
organization, including task management, scheduling, and collaboration.
Extranet
An extranet takes Intranet a step further. It’s also a private network. It’s used for
sharing information and resources securely between an organization and its
external partners, vendors, and customers. Internal users access it just like an
intranet, but it is also accessible to authorized external users.
The extranet is used for a variety of purposes, including;
 Improved collaboration: The extranet enables organizations to collaborate
with external parties in a secure and controlled manner. It allows for the
sharing of information, documents, and other resources, which can help to
improve communication and collaboration between different stakeholders.
 Enhanced communication: Extranets provide a secure and controlled
environment for communication between an organization and external
parties. This can help to improve communication and reduce errors and
misunderstandings.
 Streamlined business processes: An extranet can help streamline
business processes by allowing external parties to access relevant
information and resources. This helps to reduce administration and improve
the efficiency of business processes.
 Better customer service: An extranet can be used to provide better
customer service by allowing customers to access relevant information and
resources. This can include information about products and services, order
status, and support resources.
 Increased productivity: By providing external parties with access to
relevant information and resources, an extranet can help to increase
productivity. This can include access to training materials, product
information, and other resources that can help external parties to work more
effectively.
In summary, the internet, intranet, and extranet are three distinct network types
with different uses. The Internet is a public network that allows anyone to access
information and services from anywhere in the world. An intranet is a private
network that is used within an organization to share information and resources,
while an extranet is a private network that is used to share information and
resources between an organization and its external partners, vendors, or
customers.
The diagram below represents the differences between the Internet, an Intranet,
and Extranet.
Wi-Fi routers’ security protocols
Now that you understand the difference between intranet, internet, and extranet,
let’s think for a moment about how devices on intranets and extranets are
connected to the internet. Well, every device connects to a network via routers or
switches, and these days most routers support wireless connections. These Wi-Fi
routers then connect to a modem which finally connects to the internet. So, Wi-Fi
routers are the primary devices that connect homes and offices to the internet. And
that’s why Wi-Fi routers use specific security protocols to secure them against
unauthorized access and data theft. So, which security protocols (also called
encryption protocols) do Wi-Fi routers use?
WEP (Wired Equivalent Privacy): WEP is an older wireless security protocol that
is no longer considered secure. WEP uses a shared key to authenticate users and
encrypt data. However, WEP is vulnerable to security breaches, and its encryption
can be easily cracked.
WPA (Wi-Fi Protected Access): WPA is a wireless security protocol that provides
stronger encryption and authentication than the older WEP standard. WPA uses a
passphrase or key to authenticate users and encrypt data. WPA2 is the latest
version of WPA and is considered the most secure wireless security protocol.
WPA2 (Wi-Fi Protected Access II): WPA2 is the most widely supported wireless
security protocol these days. It uses a stronger encryption algorithm than WPA and
provides better protection against hacking and security breaches.
WPA2-PSK (Wi-Fi Protected Access II with Pre-Shared Key): WPA2-PSK is a
version of WPA2 that uses a pre-shared key (PSK) for authentication. This means
that all devices that connect to the wireless network must know the same PSK to
access the network.
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security):
EAP-TLS is a wireless security protocol that is widely used in enterprise-level
networks. It provides strong security by using digital certificates to authenticate
users and encrypt data. EAP-TLS is considered one of the most secure wireless
security protocols available.
MAC-Based Security: MAC-based security is a wireless security protocol that uses
the Media Access Control (MAC) address of a device to authenticate users and grant
access to the wireless network. MAC-based security is more secure than WEP but
less secure than WPA or WPA2.
Here’s a quick comparison between WEP, WPA, and WPA2.

Authentication WEP WPA WPA2

Mechanism

Security level Low Medium High

Encryption type 64-bit or 128-bit TKIP* AES

Key management Static key 802.1x or PSK** 802.1x or PSK

Vulnerabilities Easily hacked Vulnerable to brute-force More secure than WP

attacks and WEP

Compatibility Compatible with most Compatible with most Compatible with mos
devices devices devices

Recommended for No No Yes

use

* TKIP (Temporal Key Integrity Protocol) is a security protocol used in Wi-Fi networks
to encrypt data. **802.1x is anIEEE (Institute of Electrical and Electronics Engineers)
standard for port-based network access control that provides authentication and
authorization mechanisms to enforce network security policies.PSK (Pre-Shared
Key) is a form of authentication used in Wi-Fi networks to verify the identity of
clients.
Keeping a wireless network secure
Keeping your Wi-Fi network safe and secure is essential in protecting your personal
information and sensitive data from cyberattacks. Here are some tips that will help.
Remember to change the default username and password: The first and
foremost step to secure your Wi-Fi network is to change the default username and
password of your router. Default login credentials are easily available online, and
cybercriminals can use them to gain access to your network.
Always use strong encryption: It’s essential to enable WPA2 (Wi-Fi Protected
Access II) encryption on your router to secure your wireless network. WPA2 is one of
the most widely supported encryption methods currently available and provides a
high level of security for your network.
Set up a guest network: If you frequently have visitors who need to use your Wi-
Fi, set up a guest network with a different password to keep your main network
secure.
Enable the MAC address filtering: MAC address filtering allows you to restrict
access to your network by only allowing specific devices with pre-approved MAC
addresses to connect.
Keep your router firmware up to date: Router manufacturers regularly release
firmware updates to address security vulnerabilities. Make sure you keep your
router's firmware up to date by checking for updates regularly.
Disable remote management: Unless you need it, disable remote management
on your router. It’s a security risk as it allows cybercriminals to access your router's
settings from outside your network.
Conclusion
In this reading, you learned about the use cases and various types of computer
networks, including intranet, extranet, and the internet. You also explored the
various security protocols of Wi-Fi routers, such as WPA, WPA2, WEP, EAP-TLS, and
MAC-based security. You then discovered the importance of securing Wi-Fi networks
and learned some useful tips for securing your network.
Mark as completed

Authorization protocols on VPNs

Introduction
Previously you were introduced to the fundamentals of both authentication and
authorization. You learned how authentication and authorization can be used to
allow only authorized users to access specific data and resources on your servers. In
this reading, you will explore the benefits of using VPNs in access control systems
and the different protocols they use.
To begin, access control systems are essential for ensuring that only authorized
users can access sensitive data and resources. VPNs (Virtual Private Networks) are
commonly used in access control systems to provide secure and private access to
network resources.
How VPN helps in access control system
By now you know that VPNs provide a secure and private connection between two
devices over the internet. VPNs use encryption and authentication for internet
traffic, making it difficult for third parties to intercept or eavesdrop on the traffic.

VPNs also enable remote access to network resources, providing a secure and
efficient way for users to access sensitive data and resources from outside the
organization's network. Using VPNs in access control systems provides several
benefits, including:
Secure remote access: Earlier you learned that VPNs allow users to access
network resources from anywhere in the world, regardless of their location, using a
secure and private connection over the internet. This is particularly important in
today's business environment, where remote work is becoming increasingly
common. By using VPNs for remote access, organizations can provide their
employees with the flexibility to work from anywhere while ensuring that sensitive
data and resources are protected from cyber threats and unauthorized access.
Protection of sensitive data: VPNs use encryption to protect the data from being
intercepted or read by third parties, while authentication mechanisms verify the
identity of users to ensure that only authorized users can access the VPN. VPNs also
use data integrity checks to ensure that the data was not tampered with during
transmission and secure tunneling to create a private connection between the
user's device and the VPN server.
Granular control over access control: Granular control refers to the ability to
define precise and specific access control policies for individual users or groups of
users. It enables organizations to control access to resources on a fine-grained
level, ensuring that users only have access to the resources they need to perform
their job functions. VPNs enable administrators to define detailed access control
policies based on user identity, group membership, location, time of day, and other
criteria. Without granular control, it may be difficult to ensure that only authorized
users are accessing these resources, increasing the risk of data breaches,
cyberattacks, and other security incidents.
Compliance with regulatory requirements: VPNs can also help organizations
comply with regulatory requirements for data protection and security. For example,
some regulations may require organizations to encrypt all data transmissions,
including remote access connections. By using a VPN, organizations can ensure that
all remote access connections are encrypted, regardless of the location of the user.
Different types of authorization protocols used by VPNs
You’ll remember that at the start of this lesson, you were introduced to
authorization protocols for VPNs and learned how they play a critical role in
enforcing access control policies. You were introduced to some of the common
protocols used, including RADIUS and LDAP.
You discovered how Remote Authentication Dial-In User Service (RADIUS) is
an authentication protocol that uses a centralized server to authenticate and
authorize users. You also learned how RADIUS provides a way to manage network
access by controlling who is allowed to access the network and what they can
access. Further to this, RADIUS servers can also provide accounting services, which
track user access to network resources and generate reports for billing or auditing
purposes.
You also explored Lightweight Directory Access Protocol (LDAP) and
discovered how it’s a directory service that provides a way to store and retrieve
information about network resources and users. LDAP is often used to manage
authentication and user permissions and access control policies, ensuring that only
authorized users can access network resources. This is done against a directory
service, such as Microsoft Active Directory or OpenLDAP, providing a centralized
database of user credentials and access rights.
One protocol that was not covered earlier is Terminal Access Controller Access
Control System Plus (TACACS+). This is a security protocol that provides
centralized authentication, authorization, and accounting services. TACACS+
separates the authentication, authorization, and accounting functions, allowing for
more granular control over access to network resources.
The tables below shows both the advantages and disadvantages of RADIUS, LDAP,
and TACACS+.
Radius

Pros Cons

Centralized authentication and authorization Limited support for complex access control policie

Provides accounting services

Can be integrated with various VPN solutions

LDAP

Pros Cons

The hierarchical directory structure for managing user accounts and LDAP servers can be comple
permissions manage

Can be integrated with VPN solutions for user authentication Limited support for accountin
services

Provides a centralized directory for managing user accounts

TACACS+

Pros Cons

Provides a separate authentication and authorization Can be complex to configure and mana
process for each network device

Enables administrators to set different access control Limited support for centralized
policies for each device authentication and authorization

Can provide accounting services for network devices

Traffic auditing and preventing VPN misuse

As you discovered earlier, authorization is an ongoing process that requires
auditing. This is the process of monitoring and recording activities related to access
control. It involves keeping track of who has accessed what resources and when. It
monitors what actions they have taken whilst accessing those resources.
The purpose of auditing is to create an audit trail that can be used to:
 Further investigate security incidents
 Identify potential security breaches
 Ensure compliance with regulations and policies
Preventing VPNs from being misused is also a very important part of keeping your
organization safe and secure. You can implement the following steps besides
normal authentication and authorization to stop the VPNs from being abused.
 Unusual VPN activity: Be vigilant and watch for any unusual VPN activity,
such as an unusually high number of connections or data transfer.
 Suspicious login attempts: If there are repeated login attempts using
incorrect credentials or from unknown IP addresses, it could be a sign of VPN
misuse.
 Change in user behavior: If a user's behavior suddenly changes, such as
working unusual hours or accessing unusual websites, it could be a sign of
VPN misuse.
 Accessing sensitive information: If a user is accessing or trying to access
sensitive information that they shouldn't have access to, it could be a sign of
VPN misuse.
 Inconsistent geolocation: If a user's geolocation changes frequently or
they are accessing the VPN from an unusual location, it could be a sign of
VPN misuse.
 Unusual network traffic: If there is unusual network traffic, such as large
file transfers or network scans, it could be a sign of VPN misuse.
Conclusion
As you have discovered, Organizations use VPNs to help the access control system
that allows users to be authorized within the organization's network system. You
also explored a few of the common VPN protocols like RADIUS, LDAP, and TACACS+.
Finally, you learned about auditing VPN traffic and how to protect a VPN from being
misused.
Mark as completed
Like
Dislike
Report an issue