Skip to main content

Security best practices

Systems in an intranet are more secure than those in the internet, but it requires a bit of context to understand why. Let's break down the reasons for this and why it's strongly encouraged to use a security proxy behind an intranet.

  1. Controlled Environment: An intranet is a private network that is typically owned and managed by an organization. This means that the organization has control over who can access the network and what resources are available. In contrast, the internet is a vast and open network where anyone can potentially access your system.

  2. Limited Access Points: In an intranet, access points to the network are limited and tightly controlled. This means that there are fewer entry points that need to be secured, making it easier to monitor and protect them. In contrast, the internet has countless entry points, making it much more challenging to defend against potential threats.

  3. Security Policies: Organizations can implement strict security policies within their intranet. This includes firewalls, intrusion detection systems, and other security measures that are tailored to the organization's specific needs. On the internet, security measures are often more generic and may not be as finely tuned to a particular organization's requirements.

  4. Reduced Exposure: Intranet systems are not directly exposed to the public internet. This reduces the surface area for potential attacks, as malicious actors have to breach the perimeter of the intranet before they can target specific systems.

Why use a security proxy and not run the system directly in a hosted environment:

  1. Security Proxy: A security proxy acts as an additional layer of security between your internal systems and external users. It can inspect incoming requests, filter out malicious traffic, and enforce access controls. By using a security proxy, you add an extra layer of protection to your intranet systems, reducing the risk of unauthorized access and attacks.

  2. Controlled Access to REST Endpoints: Configuring the security proxy to allow requests only to certain REST endpoints is a best practice known as access control. It ensures that only authorized users or applications can access specific resources on your intranet. This minimizes the attack surface and reduces the risk of data breaches or unauthorized access to critical systems.

  3. Avoiding Direct Hosting: Hosting your internal systems directly on the public internet can be risky because it exposes them to a much larger and potentially hostile audience. Even with strong security measures, the sheer volume of potential threats on the internet makes it more challenging to maintain a high level of security. By keeping your systems within your intranet and using a security proxy to selectively expose them, you maintain better control and security.

In summary, the security of systems in an intranet is generally stronger due to controlled environments, limited access points, and tailored security measures. Using a security proxy to control access to REST endpoints is a recommended practice to enhance security, and avoiding direct hosting on the internet helps protect sensitive systems from the broader threatscape of the public internet.