Chapter 43
Supporting a Web Site

Gilbert Held

The popularity of the World Wide Web is beyond dispute, with over 25 million persons now surfing the Web on a daily basis. As organizations continue to “step forward” and establish a presence on the Web, management will rapidly note that in many cases the initial cost estimate represents the proverbial tip of the iceberg. In this chapter our goal is to become aware of the entire iceberg by focusing attention upon the economics associated with supporting a Web site. To do so we will turn our attention to the communications link, hardware platform, software, and personnel that may be required to support a Web site. This will provide you with a firm indication of the true potential cost that can be associated with supporting the presence of your organization on the Web.

COMMUNICATIONS

The connection of a Web server to the Internet is commonly accomplished via the use of a leased line between your server site and an Internet Service Provider (ISP). At your server site your Web server is normally connected to a local area network (LAN), and the LAN is connected to a router which in turn is connected to the leased line routed to the ISP. Exhibit 1 illustrates the previously described method used to connect a Web server to the Internet.

In examining Exhibit 1 it is important to note that some ISPs will provide a router and arrange for the installation of a leased line for a single monthly fee. If the ISP is also a communications carrier it can provide both the leased line and the router which may result in a slight reduction in the total monthly cost due to the elimination of a middleman. Examples of ISPs that are also communications carriers include AT&T, MCI, Sprint, and several of the local Bell Operating Companies (BOCs).

The router provides the ability to move traffic destined to a different network off the LAN hub to the ISP which forwards data to the Internet. Similarly, the router also accepts inbound data and places such data onto the local network via a connection to the hub. Most ISPs allow customers to purchase a router; however, they will only guarantee support for certain products. This means that if you obtain a non-supported product and a problem arises, the ISP will not be able to test the connection from their location to your router’s wide area network interface.


Exhibit 1.  Connecting a Web Server to the Internet.

The actual leased line can range in scope from a Dataphone Digital Service (DDS) 56 Kbps line to a fractional T1 operating in increments of 56 or 64 Kbps up to 784 Kbps, or a full T1 operating at 1.544 Mbps. Thus, the actual cost for communications will vary based upon the type of transmission facility installed. Although most ISPs bill monthly based upon the transmission capacity of the leased line, several ISPs introduced a new type of measured transmission service during 1996. One example of this measured service is offered by BBN Planet which will install a T1 line and bill your organization based upon the average utilization of the transmission facility over a 24-hour per day period on a monthly basis. Although this measured usage billing mechanism can provide significant savings for organizations that need the ability to support periodic surges in network traffic from a relatively low base of usage, if you have a consistent high level of usage a more conventional fixed rate plan may be more appropriate.

Returning to Exhibit 1, note that the Web server is shown as only one of two devices connected to the LAN hub, with the other device being the router. This type of connection is isolated from a communications standpoint, since there is no possible access from the Internet to other corporate computers that may reside on an internal corporate network. However, many organizations either have other devices connected to the network to which the Web server is connected or use a multiport router to connect multiple networks to the Internet via a single Internet communications connection; in those cases security becomes a very important issue to consider.

SECURITY ISSUES

Almost all routers include a filtering capability that can be used to enable or disable the flow of packets based upon source address, destination address, and TCP’s “well-known” port. Here the term “well-known” port represents a number that identifies the type of application data being transported within a TCP packet. For example, a value of 25 is used for the Simple Mail Transfer Protocol (SMTP) used to transport electronic mail, while a value of 80 is used for the Hypertext Transfer Protocol (HTTP) used to transport Web browser data. Thus, by configuring the router to disable all traffic on TCP port 25 you could disable the flow of electronic mail.
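The filtering decision described above can be modeled in a few lines. This is an added example, not code from the chapter or from any router vendor; the rule format, the addresses, the first-match ordering, and the deny-by-default fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    dport: Optional[int]  # TCP destination port; None matches any port

ANY = "0.0.0.0/0"
WEB_SERVER = "192.0.2.10/32"   # constructed address (documentation range)

# Constructed rule set for the Exhibit 1 layout (hypothetical format).
RULES = [
    Rule("deny", ANY, ANY, 25),           # the chapter's example: no SMTP
    Rule("permit", ANY, WEB_SERVER, 80),  # HTTP to the Web server
    Rule("permit", ANY, WEB_SERVER, 21),  # ftp control, if the server offers ftp
]

def evaluate(rules, src_ip, dst_ip, dport):
    """Return the action of the first matching rule; deny if none match."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"   # assumed default: anything not explicitly permitted is dropped

if __name__ == "__main__":
    for port in (80, 25, 21, 23):
        print(port, evaluate(RULES, "198.51.100.7", "192.0.2.10", port))
```

Each packet is judged on its own header fields only, so a permitted port stays permitted no matter how many times the same source connects to it.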

Although router filtering is useful, it cannot prevent repetitive attacks against your computer resources. For example, if your Web server is also configured to support the File Transfer Protocol (ftp), a hacker could repetitively try the entries in an electronic dictionary to first discover a valid account name, and could then reuse the dictionary to discover the password associated with that account. Preventing this so-called dictionary attack, as well as providing additional levels of security beyond router filtering, requires the use of a firewall.
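Because a packet filter looks at each packet in isolation, spotting a dictionary attack requires keeping state per source. The following added example (not from the chapter, and not any firewall product's logic) shows one way to flag both phases described above from login records; the log format, the sample lines, the window, and the threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failures per source within WINDOW

# Constructed sample log in a hypothetical format, in chronological order.
SAMPLE_LOG = """
1996-11-04T02:14:01 FAIL user=admin src=198.51.100.7
1996-11-04T02:14:03 FAIL user=guest src=198.51.100.7
1996-11-04T02:14:05 FAIL user=root src=198.51.100.7
1996-11-04T02:14:07 FAIL user=test src=198.51.100.7
1996-11-04T02:14:09 FAIL user=jsmith src=198.51.100.7
1996-11-04T02:30:00 FAIL user=jsmith src=198.51.100.7
1996-11-04T02:30:02 FAIL user=jsmith src=198.51.100.7
1996-11-04T02:30:04 FAIL user=jsmith src=198.51.100.7
1996-11-04T02:30:06 FAIL user=jsmith src=198.51.100.7
1996-11-04T02:30:08 FAIL user=jsmith src=198.51.100.7
1996-11-04T09:00:10 FAIL user=mary src=203.0.113.9
1996-11-04T09:00:25 FAIL user=mary src=203.0.113.9
1996-11-04T09:00:40 OK user=mary src=203.0.113.9
"""

def parse(line):
    """Split one record into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map each offending source to the kinds of guessing seen from it."""
    recent = defaultdict(deque)   # source -> (time, user) of recent failures
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, result, user, src = parse(line)
        if result != "FAIL":
            continue
        failures = recent[src]
        failures.append((ts, user))
        while ts - failures[0][0] > window:   # drop failures outside the window
            failures.popleft()
        if len(failures) >= threshold:
            users = {u for _, u in failures}
            kind = ("account-name guessing" if len(users) > 1
                    else "password guessing")
            alerts.setdefault(src, set()).add(kind)
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A user who mistypes a password twice and then logs in, like the second source in the sample, stays under the threshold and is not flagged.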

THE FIREWALL OPTION

Exhibit 2 illustrates the use of a firewall to protect an internal corporate network connected to the Internet by the use of a two-LAN port router. In this example the Web server can be considered to reside on the public access network while the corporate internal network obtains protection from the use of a firewall.

The actual cost of a firewall can range from approximately $2500 to well over $30,000, with the more expensive products providing authentication, encryption, and a digital signature capability, features not included in low cost products. In addition to the one-time cost of the firewall, most vendors market a separate yearly maintenance fee that provides support and software upgrades. Concerning the actual configuration and operation of a firewall, it can require a minimum of a day or two to set up. Thereafter, the level of support will vary based upon the dynamics of the organization. If your organization frequently changes policies and rules, you can expect a member of your communications staff to be devoted to reconfiguring and testing the firewall. If your organization rarely changes rules and policies once they are established, you can probably expect an existing employee to devote only a few hours every few weeks to maintaining the firewall. Now that we have an appreciation for the communications involved in supporting a Web site, let’s turn our attention to the hardware platform.


Exhibit 2.  Using a Firewall to Protect an Internal Corporate Network.



Copyright © CRC Press LLC