The most publicized dangers to an intranet are computer viruses. While the danger is not as extreme as portrayed in the press, nonetheless, the danger is real. Viruses are malicious programs that can cause many different kinds of damage, such as deleting data files, erasing programs, or destroying everything on a hard disk. Not every virus causes damage; some simply flash annoying messages on your screen. Still, any virus attack must be taken very seriously. There's no way of knowing when one has been created out of malicious intent or whether the perpetrator thought it was merely a harmless prank. In most cases, a virus causes real damage.
Viruses pose particular dangers to an intranet. On an intranet all computers are connected to one another, and that means that viruses can quickly spread from one networked computer to another. For example, let's say someone on an intranet gets a virus from a program they've gotten from the Internet via an FTP transfer. That virus will infect that person's computer. Before it does damage, however, and before the person knows an infection has occurred, the file might be shared with someone else by sending it via intranet e-mail. That person in turn might send it to yet someone else, who in turn shares it with another person. In a very short time, hundreds or thousands of computers can be infected. A virus can spread very much like an epidemic spreads.
An even greater danger to an intranet is a virus that infects a network server. The consequences of this can be disastrous. The virus could destroy the server software or its data. This could bring the entire intranet to its knees if the server is one that is vital to the functioning of the intranet. It is even more dangerous if the virus gets loose on a server that hosts corporate databases. The virus could conceivably destroy the entire database.
Other threats to intranets are special viruses called worms. Worms are viruses that have been designed to attack not just individual computers, but an entire network - an intranet, for example. Below, you'll find out more information about worms.
The term virus refers to many different kinds of programs. They usually attack four parts of a computer: its executable program files, its file-directory system that tracks the location of all of a computer's files (and without which, a computer won't work), its boot and system areas that are needed in order to start your computer, and its data files. Viruses usually are found in executable files, such as programs. For many years, it had been thought that viruses could not infect data files. Recently, new "macro" viruses have been written that hide inside a data file. The data file itself is not the culprit, but when something triggers the macro (which is, essentially, a little program file), the virus is let loose to do its damage.
Even more ominous for intranets, viruses can also hide themselves inside Java applets or be Java applets-applications written in a programming language that is expected to be used to build the next generation of interactive Internet and intranet applications. When a Java applet runs on your computer, an executable program is downloaded from an Internet or intranet server to your computer. When that program is on your computer, it runs and your Web browser shows the results of its running-for example, you'll see a news ticker flashing across your screen.
The developers of languages such as Java have done much work to try and make sure that viruses can't infect programs written in the languages. In Java, for example, when the applet downloads to your computer, before it is executed it is put into protected memory so that if it has a virus, it can't infect any part of your computer. Java applets also cannot read from or write to local drives. Some Java developers will tell you that because of security measures like that, there's no way that a virus from a Java applet could infect your computer.
However, other people maintain that there are many security holes in Java through which a variety of viruses can slip through. These people claim that some of these holes will do things such as lock up a keyboard and a mouse, or do more dangerous things, such as allowing a cracker to use Java as a way to circumvent firewall security and slip a virus into an intranet undetected. These kinds of Java applets are often called hostile applets. In fact, some of these hostile applets have been publicly posted on the Internet, with warnings about them, as a way to alert people that Java has dangerous holes in it.
As these hostile applets are made public, those who create the Java language-and other similar Internet programming languages-attempt to plug the holes. That's what happened when a team of computer scientists at Princeton University discovered a serious security flaw that could allow crackers to use Java to attack intranets. Pictured later in this chapter is an illustration of how such an attack could be made. The security flaw has since been patched, but people using older versions of Netscape are vulnerable to it.
Java, as yet, is not a great threat to intranets. It is still not in sufficiently widespread use, and there have yet to be documented attacks spread through using it. Of more immediate concern are several kinds of viruses. Trojan horses are programs that disguise themselves as normal, helpful programs, but do damage to your computer, its data, or your hard disk. For example, someone may download a file that claims to be a financial calculator. When the program was run, it would do calculations. But in the background, it would be doing damage to your computer. The theoretical Java security flaw that the Princeton researchers uncovered was a kind of Trojan horse.
Other viruses are called worms. These viruses are relatively rare, but they are of great concern to those on an intranet. That's because they have been specifically designed to infect networks. They travel between networked computers, replicating themselves along the way. They can attack the networked computers or the network itself. They can also chew up an enormous amount of network resources as they replicate and run. That's what the most infamous worm of all did. It was an Internet worm released on November 2, 1988. It copied itself onto many Internet host computers, and eventually brought huge sections of the Internet to a halt.
The most common viruses hide themselves inside other programs. Many of them can hide in any kind of program. You get this kind of virus by running a program that has the virus inside it. When the program is run, the virus is let loose, and it travels throughout your computer, infecting other program files. Depending on the kind of virus it is, it can attack certain sections of your computer, such as the boot sector, which could damage all your programs and data. Or it could attack other sections of your hard disk. If you don't check regularly for viruses, you may only find out about the infection after it's too late and the damage has been done.
Antiviral software has long been used on individual computers. A scanner checks to see if your computer has any files that have been infected, while an eradication program will wipe the virus from your hard disk. Since viruses pose such a danger to intranets, it is also best to protect against viruses by putting a virus scanner on a server inside a firewall, where that scanner can check every file coming into the intranet for known viruses. This does not eliminate the need for client software to cover such cases as a virus that may travel in a diskette from an external source.
Such a scanner typically doesn't check every single packet coming in, since many types of packets won't be able to have viruses in them. Instead, the scanner checks only those packets sent with certain Internet protocols, such as for e-mail, FTP, and the Web, that may indicate that a binary file is being transferred into the intranet. It looks at only those files, using packet filtering technology similar to that used by filtering routers. It then scans those files for viruses, letting in those files that are virus-free, and stopping any infected files from entering the intranet.
Viruses are a major security risk for intranets. They can damage data, occupy and consume resources, and disrupt operations. Program files were the major source of trouble in the past, but new "macro" viruses can hide in data files and launch, for example, when a macro in a word processing program is run. Server-based and client-based virus-scanning software both have roles that help protect the intranet.
The Java programming language can create interactive, multimedia applications (called applets) that can greatly extend the power of the World Wide Web on intranets and the Internet. However, some people believe that it can theoretically be used to attack an intranet. Here is an example of such an attack, which computer scientists at Princeton University discovered was possible due to holes in the Java protection scheme. Since then, this particular hole was covered up, but only if people use specific versions of Netscape which contain the fix. Many computer scientists say that other security holes still exist in Java.