Perhaps the most important step you can take when designing an extranet is to protect the network from itself. You're likely used to managing a firewall environment using the screened subnet approach with three zones: a private network, a public network and a DMZ. (For more on this, read my article, Choosing the right firewall topology.) The goal of this strategy is to isolate systems with differing levels of public access from each other. The same is true with an extranet; you need to isolate extranet systems from both the public network and the private network. You certainly don't want to expose sensitive internal systems to your business partners carte blanche. When you design your extranet, keep in mind that you want to expose only the information assets required for successful partnership.
2.) Strong authentication
The second key component of a secure extranet is the use of strong authentication techniques. Where possible, extranets should implement some form of two-factor authentication. The most likely solution where a human is involved in the authentication process is the use of a key fob token approach, such as RSA's SecurID or Secure Computing's SafeWord. If extranet communications take place between unattended servers, consider the use of digital certificates to provide an added level of confidence in the authentication process.
3.) Granular access controls
Granular access controls are essential to the secure operation of complex extranets. If your organization must interact with a number of different suppliers, customers, vendors and business partners, you need to take steps to enforce the principle of least privilege. The ideal scenario, of course, is to implement isolation to such a degree that extranet clients get access to a network zone that only contains resources they are authorized to access. However, the more complicated your extranet, the less likely it is that this approach is practical. Therefore, you should complement your strong authentication controls with granular authorization controls. Administrators should configure access lists in a manner that limits the access of each extranet client to those specific resources necessary for the partnership.
Finally, extranets should make use of available encryption technology. By nature, extranets involve sharing sensitive organizational data over the Internet. Ensure that extranet clients make use of virtual private network (VPN) technology that provides strong encryption for data in transit over these unsecured networks. Also, ensure that both the VPN solution (both client and server hardware and software) and the encryption algorithm they use meet your security requirements.
Remember, the security controls outlined in this article are merely a starting point for a secure extranet design. You need to complement these controls with policies and other mechanisms that comprise basic security best practices. For example, your extranet agreements should clearly specify the security configuration standards for systems that connect to the extranet. You wouldn't want to implement the technical controls described in this tip only to have them defeated by a poorly managed user workstation that's infected by a virus!
About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
This was first published in June 2006