Scenario: JKL Toy Company e-business plans

This scenario describes a typical business, the JKL Toy Company, which has decided to expand its business objectives by using the Internet. Although the company is fictitious, its plans for using the Internet for e-business and its resulting business needs are representative of many real-world company situations.

The JKL Toy Company is a small, but rapidly growing, manufacturer of toys, from jump ropes to kites to cuddly stuffed leopards. The company president is enthusiastic about the growth of the business and about how its new iSeries server can ease the burdens of that growth. Sharon Jones, the accounting manager, is responsible for iSeries system administration and system security.

The JKL Toy Company has been successfully using its current setup for its internal applications for over a year. The company now has plans to set up an intranet to more efficiently share internal information. The company also has plans to begin using the Internet to further its business goals. Included in these goals are plans for creating a corporate Internet marketing presence, including an online catalog. They also want to use the Internet to transmit sensitive information from remote sites to the corporate office. Additionally, the company wants to allow employees in the design laboratory to have Internet access for research and development purposes. Eventually, the company wants to allow customers to use their web site for direct online purchasing. Sharon is developing a report about the specific potential risks and challenges associated with these activities and what measures the company should use to minimize these risks. Sharon will be responsible for updating the company security policy and adjusting the company computing strategies as they work to achieve their goals.

The goals of this increased Internet presence are as follows

Here is an example of the company Internet/network configuration.


JKL Basic Network Configuration

As shown in the diagram, JKL Toy Company has two primary iSeries servers. They use one system for development (JKLDEV) and one for production (JKLPROD) applications. Both of these servers handle mission-critical data and applications. Consequently, they are not comfortable running their Internet applications on these servers. Instead, they have chosen to add a new iSeries server (JKLINT) to run these applications.

The company has placed the new system on a perimeter network and is using a firewall between it and the main internal network of the company to ensure better separation between their network and the Internet. This separation decreases the Internet risks to which their internal systems are vulnerable. By designating the new iSeries as an Internet server only, the company also decreases the complexity of managing their network security.

The company will not run any mission-critical applications on the new iSeries system at this time. During this stage of their e-business plans, the new system will provide a static public web site only. However, the company wants to implement security measures to protect the system and the public web site it runs, in order to prevent service interruptions and other possible attacks. Consequently, the company will protect the system with packet filtering rules and network address translation (NAT) rules, as well as strong basic security measures.
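
The packet filtering approach described above can be checked with a small model. The following is an added example, not part of the original scenario and not iSeries packet rule syntax: a Python sketch of a first-match, default-deny rule set for JKLINT that audits what an Internet client can reach. The addresses, the use of TCP port 80 for the static site, the probed ports and the rule sets are assumptions made for illustration, and the model judges connection attempts only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (assumptions, not from the scenario).
JKLINT = ipaddress.ip_address("192.0.2.10")           # perimeter server
INTERNAL = ipaddress.ip_network("10.1.0.0/16")        # internal network
INTERNET_HOST = ipaddress.ip_address("198.51.100.7")  # outside client
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "*"               # "tcp", "udp" or "*" for any
    dport: Optional[int] = None    # None matches any destination port

def only(addr):
    """Network object that matches a single host."""
    return ipaddress.ip_network(f"{addr}/32")

def decide(rules, src, dst, proto, dport):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (src in r.src and dst in r.dst
                and r.proto in ("*", proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

def exposed_ports(rules, ports=(21, 23, 25, 80, 443)):
    """TCP ports on JKLINT that an Internet client can connect to."""
    return {p for p in ports
            if decide(rules, INTERNET_HOST, JKLINT, "tcp", p) == "permit"}

def reaches_internal(rules, probe="10.1.0.5", dport=23):
    """True if JKLINT may open a connection into the internal network."""
    dst = ipaddress.ip_address(probe)
    return decide(rules, JKLINT, dst, "tcp", dport) == "permit"

# Static web site only. The explicit deny comes first so that a broad
# permit added later cannot open a path into the internal network.
STATIC_SITE = [
    Rule("deny", only(JKLINT), INTERNAL),
    Rule("permit", ANY, only(JKLINT), "tcp", 80),
]
# Weak rule set for comparison: everything is permitted.
TOO_OPEN = [Rule("permit", ANY, ANY)]

if __name__ == "__main__":
    for name, rules in (("STATIC_SITE", STATIC_SITE), ("TOO_OPEN", TOO_OPEN)):
        print(name, sorted(exposed_ports(rules)), reaches_internal(rules))
```
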

As the company develops more advanced public applications (such as an e-commerce web site or extranet access) they will implement more advanced security and systems management measures.