WWW Security Mock Site - Example Setup

In this example we assume that the organization has 100 people, and they originally had no tie to the internet. They maintained an NT server for in house file handling. This server becomes the proxy server portion of the firewall. This example equips the organization with a Sun SPARC Ultra for the external web server. Pricing data is accurate (rounded to the nearest hundred) except for the router for which pricing data isn't available. The Ultra pricing is taken from a package deal estimate. This example provides the organzation with a commerce solution and internet access. T1 leasing is dependant on the carrier. Cabeling and installation is an estimate as well as training.

The setup we considered is the entire company network behind a packet filtering router thus limiting access to both the local network and Web server by port and data type. The second level of security being a proxy server. This dual security barrier is desireable, especially in our example of a software company where much of the valuable data is held on the internal network.

Pricing

Leased T1 Line (monthly)	$1500
SPARC Ultra Server	$12000
CISCO PIX router	$5000
Netscape Suite Spot (mail, proxy, news, etc servers)	$5000
Netscape Communicator (client side, mail, web, communications) 100 units	$8000
Netscape Enterprise Web Server	$1300
Verisign ID	$300
Open Market Package	$100
Domain Registration	$100
Cabeling / Installation	$4000
Training	$3000
Total	$40,300

Recurring costs like the line lease, $75 / year for the Verisign ID, and $50 / year (after two years) for domain registration need to be considered. Maintainining the server is required. Ideally the server should be monitored 24 hours / day year round. That is often not feasible. The choice of a UNIX server makes remote maintenance easier, and there are several options for warning the sysadmin of a problem. Many simple solutions can be coded with scripts on the server.

Setup

Setup should be relatively painless for the organization. Once all the equipment and software is available and leased line is brought in, initial installation should take about one week. The internal network should not experience any down time if server installation is handled during off business hours.

In many cases these costs are simply impractical. The alternative is to sign on with a service provider and allow them to handle the security of your data. This leaves many corporate policy makers queasy since the safety of some their assets are completely out of their control. In the case of a governmental organization, this expense is generally trivial and data is critical. Although mission critical battle plans are unlikely to appear on a publically accessible server (even with the cryptographic safeguards), the principles used to secure data between a client and browser or a general and field soldier are the same.