Scenario: JKL Toy Company e-business plans

This typical scenario describes JKL Toy Company, which has decided to expand its business objectives by using the Internet. It might help you when you set your own e-business plans.

The JKL Toy Company is a small, but rapidly growing manufacturer of toys. The company president is enthusiastic about the growth of the business and how its new i5/OS operating system can ease the burdens of that growth. Sharon Jones, the accounting manager, is responsible for system administration and system security.

The JKL Toy Company has been successfully using its security policy for its internal applications for over a year. The company now has plans to set up an intranet to more efficiently share internal information. The company also has plans to begin using the Internet to further its business goals. Included in these goals are plans for creating a corporate Internet marketing presence, including an online catalog. They also want to use the Internet to transmit sensitive information from remote sites to the corporate office. Additionally, the company wants to allow employees in the design laboratory to have Internet access for research and development purposes. Eventually, the company wants to allow customers to use their Web site for direct online purchasing. Sharon is developing a report about the specific potential security risks for these activities and what security measures the company should use to minimize these risks. Sharon is responsible for updating the company's security policy and putting into practice the security measures that the company decides to use.

The goals of this increased Internet presence are as follows:

After ensuring that their system has strong basic system security, the JKL Toy Company decides to purchase and use a firewall product to provide network level protection. The firewall will shield their internal network from many potential Internet-related risks. The following figure describes the company's Internet or network configuration.

Figure: JKL basic network configuration

As shown in the figure, JKL Toy Company has two primary systems. The company uses one system for development applications (JKLDEV) and one for production applications (JKLPROD). Both of these systems handle mission-critical data and applications. Consequently, the company is not comfortable running its Internet applications on these systems and has chosen to add a new system (JKLINT) to run these applications.

The company has placed the new system on a perimeter network and is using a firewall between it and the main internal network of the company to ensure better separation between their network and the Internet. This separation decreases the Internet risks to which their internal systems are vulnerable. By designating the new system as an Internet server only, the company also decreases the complexity of managing their network security.

The company will not run any mission-critical applications on the new system at this time. During this stage of their e-business plans, the new system provides a static public Web site only. However, the company wants to put security measures into effect to protect the system and the public Web site it runs against service interruptions and other possible attacks. Consequently, the company will protect the system with packet filtering rules and network address translation (NAT) rules, as well as strong basic security measures.
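The following is an added example, not part of the original scenario and not i5/OS packet rule syntax: a small Python model of a default-deny, first-match packet filter combined with a static NAT mapping for JKLINT. All addresses, the port number, and the names `NAT_MAP`, `RULES` and `decide` are assumptions made for illustration; the model evaluates only the first packet of a connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses and ports are constructed; the scenario does not give any.
PUBLIC_WEB = ipaddress.ip_address("203.0.113.10")  # address published on the Internet
JKLINT = ipaddress.ip_address("192.168.50.10")     # JKLINT on the perimeter network
INTERNAL = ipaddress.ip_network("10.1.0.0/16")     # network holding JKLDEV and JKLPROD
ANY = ipaddress.ip_network("0.0.0.0/0")

# Static NAT: the public address maps to JKLINT's real perimeter address.
NAT_MAP = {PUBLIC_WEB: JKLINT}


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


def host(addr):
    """Return a /32 network that matches exactly one address."""
    return ipaddress.ip_network(f"{addr}/32")


# First match wins; anything that matches no rule is denied.
RULES = [
    # Stated explicitly so a later permit cannot open a path to internal systems.
    Rule("deny", host(JKLINT), INTERNAL, "any", None),
    # JKLINT serves a static public Web site only (port 80 is an assumption).
    Rule("permit", ANY, host(JKLINT), "tcp", 80),
]


def decide(src, dst, proto, dport):
    """Apply NAT to the destination, then return (action, translated destination)."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    dst = NAT_MAP.get(dst, dst)
    for rule in RULES:
        if (src in rule.src and dst in rule.dst
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return rule.action, str(dst)
    return "deny", str(dst)  # default deny
```
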

As the company develops more advanced public applications (such as an e-commerce Web site or extranet access), they will put more advanced security measures into effect.