An intranet is a private network accessible only to an organization's staff.
Questions tagged [intranet]
20 questions
151
votes
12 answers
Do I need to encrypt connections inside a corporate network?
Provided that I have a decent level of physical security in the office, I monitor the physical addresses of devices connected to the network and only give VPN access to trusted parties, do I need to encrypt access to intranet resources over HTTP?…
Robert Cutajar
- 1,461
- 2
- 7
- 7
46
votes
5 answers
Should web applications that are only accessible from a LAN be held to the same security standards as publicly accessible websites?
Many security measures are intended to protect against hostile users who want to abuse the software or get access to content they don't have permission to access. Things like CSRF protection, SQLi protection, TLS and many other security features…
Nzall
- 7,313
- 6
- 29
- 45
37
votes
7 answers
Is it acceptable for an internal HR site to run over HTTP?
Our internal HR site - which has our personal details, payslips, holiday details etc. runs entirely off a basic http site. The site is only accessible within the company network, and can't be accessed e.g. by employees at home (except through a…
aldredd
- 471
- 1
- 4
- 5
4
votes
2 answers
Adding network drive to trusted intranet sites security hole?
We have a shared network drive that is mapped, and when we open certain files we get a dialog like
I found this site which explains that adding the network path to Local Intranet trusted sites for all users allows opening of such files without the…
hellyale
- 143
- 1
- 1
- 6
2
votes
1 answer
Server secured with a Certificate from a Custom CA Root: OK on Firefox but KO on Chrome?
The Setup
In order to protect the very small intranet of the ACME company, which contains two private servers, foo-server and bar-server, I've created with OpenSSL:
The Root CA Certificate
The Intermediate CA Certificate
The ca-chain file,…
Andrea Ligios
- 123
- 4
2
votes
1 answer
How big is the man in the middle threat from outside the network when communicating on an intranet?
I know that certificates and signatures are really important for preventing Man-in-the-middle attacks, among other things.
I am not concerned about a third party reading the transmission, only altering it. Imagine data that is nowhere confidential,…
Kaito Kid
- 135
- 4
2
votes
3 answers
How important is encrypting traffic that never leaves a data center?
How important is encrypting traffic that never leaves a data center?
To me, it seems both important and (thanks to IPsec) easy to achieve. However, it seems to rarely be done; Google does not do it, for example.
How important is encryption traffic…
Demi
- 769
- 1
- 4
- 11
1
vote
2 answers
How to setup internet connection in a way vpn logs would think I'm logging from different country
I have a company laptop which uses a Cisco VPN to log in to the company network in order for me to work.
How do I configure internet I'm using at home in a way where Cisco VPN logs, or another log that can be taken from the company laptop, show a…
kaldes
- 11
- 1
1
vote
0 answers
Is it OK to have both, the hostname and the FQDN of a server, in an SSL certificate?
On a company intranet, it is often more comfortable to access an internal webserver just by its hostname instead of providing the FQDN. As long as the hostname itself does not already equal a valid name on the internet, the automatic concatenation…
stackprotector
- 1,621
- 3
- 6
- 15
1
vote
2 answers
How to make SaaS application accessible only on intranet?
We are a SaaS-based product but one of the client requirement is to make our application accessible only on their intranet. Is that even possible?
ChallengeMe
- 153
- 1
- 3
- 10
1
vote
0 answers
Is using localhost for sensitive data secure?
I'm working with a nonprofit that wants to use CiviCRM to process its donor, member, and patron personal information. Civi is CMS-based, and will only run via WordPress, Drupal, Joomla, etc.
Newb question: If I set up WordPress on localhost (on a…
Lynn Greene
- 11
- 1
1
vote
0 answers
Addressing security issues for documenting internal systems
The Situation
I'm presently a member of a healthcare records team that is sorely understaffed and has an incredibly low bus factor, with only two people with the majority of system knowledge, myself - allocated temporarily, and a consultant - also…
SE Does Not Like Dissent
- 158
- 5
1
vote
3 answers
How to detect when one or more devices in my local network have become DDOS attack nodes?
I have a home network, big family, with around 20 devices on it at any given time. It seems like every year or so, some device gets a virus or a security flaw is revealed, and the device starts behaving badly.
Normally the device will behave badly…
Nicholas DiPiazza
- 149
- 8
1
vote
1 answer
Linux, Security and Safety inside a large intranet
One needs to configure freely a development environment under Linux set up inside a large intranet, with access to the internet.
I am not a Linux Administrator, nor a Network Expert. From what I can collect from the net, however, my understanding…
Nikos Alexandris
- 111
- 3
1
vote
2 answers
How can you enumerate an internal network with minimal outside knowledge?
The scenario is that you get to plug your laptop into an Ethernet port in some building. You get an IP address (DHCP) and can access the internet.
Right out of the gate you know your IP, gateway, and subnet mask, and you can do an ARP scan to…
Gray
- 728
- 4
- 15