Hello! So you’re back for more. Today, we’re going to talk about a type of network called an Intranet. This is different from the internet.
WHAT IS AN INTRANET: An intranet is a private network of internet-like services that provide resources to its users. Services on the intranet are generally not accessible from the internet unless a port forward is configured on the network’s router or firewall. Intranets usually contain devices and services that are used exclusively by the users on that network. Services range from simple internal email systems to video conferencing, media, building security and control systems, as well as industrial machine controls. Unlike the internet, intranet services do not require internet access. Internet access is only required if these services are to be accessed from outside the network.
As an intranet is built on a regular local network, devices on that network will likely also have access to the general internet. There are some situations, however, where this is not desired, such as industrial machinery, healthcare equipment (such as MRI systems), or other settings where air gapping is required or desired.
Intranets are popular in corporate and industrial settings where network access to certain equipment is necessary, but internet access is not. Intranets are often isolated from networks with internet access for security reasons. Those with highly sensitive data usually come with strict security configurations, to prevent access from unauthorized users or devices.
WHAT IS AIR GAPPING: In IT, air gapping is the process of totally isolating a system or a network. In terms of a single device or system, this is achieved by not connecting it to any network, instead relying on manual input or portable storage devices to move data.
On a network, this is defined as separating the desired devices and systems onto a network that is entirely independent of any other network (i.e. physically isolated from other active networks). This is achieved with a switch and some cables, with manual IP addresses OR one device acting as a DHCP server.
WHAT IS AVAILABLE ON AN INTRANET: In general, any service that is available on the global internet can also be made available on an intranet, such as:
* Web server (Your router’s configuration page is an example)
* Email server
* DNS Resolvers
* Chat/Messaging System
* Video Conferencing
* Multimedia Streaming
* Gaming
* File Sharing & Storage
NOTE: Cloud based services, such as Google or Microsoft, are NOT considered Intranet services. These require internet connectivity to operate. Intranet services operate locally, and thus do not need internet connectivity.
BENEFITS OF AN INTRANET: There are many upsides to running things in-house versus in the cloud, such as:
* USE WHAT WORKS: Internet-based services constantly undergo updates. This is usually not necessary for a local service that neither connects to the internet nor is accessed from the internet (except via a secure VPN or leased line). This allows you to use any version of any software, or even operating system. It is recommended to keep things up to date as much as possible, but you will have full control over this process, so you can easily delay updates to ensure you’re not going to run into any major problems.
* COMPLETELY INDEPENDENT: Intranet services are usually not dependent on global internet access, meaning if your connection to the outside world fails, all of your internal services will continue to work as normal.
* SECURE: Because your Intranet is isolated from the global internet, whether it be by a properly set up router/firewall, or even completely air gapped, there’s very little to no risk of a data breach or hack.
* FULL ADMIN ACCESS: On an intranet, you’re in complete control of your servers. Unlike cloud services, which often make you rely on web-based tools to manage things, an in-house server gives you far more control. As the admin, you generally have root/admin-level access to the server itself, allowing for more changes and customizations than on a cloud service.
* WILL ALWAYS BE THERE: Unlike cloud services, which come and go, a locally hosted service will always be there.
* BETTER ACCESS CONTROL: Unlike cloud services, which are exposed to the internet and vulnerable to unauthorized access by use of stolen credentials, intranet services are not accessible from the internet. As such, it’s easier to maintain a higher level of access control. With proper operational security (OpSec) protocols in place, there is ZERO chance of sensitive data leaking.
AND NOW, THE DOWNSIDES: Unlike the benefits, however, there ARE some downsides:
* MAINTENANCE REQUIRED: Unlike internet-based services, which are maintained by the company running them, maintenance of intranet services and equipment is the responsibility of either you or your IT person.
* FINDING APPROPRIATE SOFTWARE: If you choose to go completely local, you will need to find client and server software that will meet your requirements. Some of it can be free, while others require a paid license.
* SUPPORT CAN BE TRICKY: Cloud services usually have a full support team to lean on if something goes wrong. With local services, support will range from a team similar to those of cloud services, all the way to a simple community of other users and admins.
* COST: The cost of operating and maintaining internal services can either be less than that of cloud hosted services, or can exceed that cost. Hardware upkeep and software licensing are the key factors here.
INTRANET BETWEEN SITES: Did you know that it’s possible to have an intranet between physical locations? Before the prevalence of VPN tunnels, one practical way of building an intranet between multiple sites was to use a dedicated leased line from the local telephone company. Dedicated ISDN, T1 and fiber lines were the top choice in those times. Despite leased lines being largely outdated, and the rise of secure, simple-to-configure VPN tunnels, some companies requiring a high level of security still rely on leased lines to provide a link between sites.
INTRANET VS CLOSED NETWORK: There are some differences between an intranet and a closed or “walled garden” network. An intranet has locally accessible, intranet-like services that its users can access, while also being able to access the internet itself. A closed network, however, only grants access to the services that exist on that network.
Intranets on closed networks are a popular thing in some industries, and even in some countries. Closed networks generally either do not allow internet access, or allow limited access through use of a proxy server.
Such networks were popular back in the mid to late 90s to share a single internet connection, such as dial-up, with multiple systems, either through a proxy server, or using a feature such as Internet Connection Sharing (ICS) implemented in Windows 98 SE. This, of course, was before the advent of an always-on broadband connection, and before routers became affordable enough for the average home user.
PROXY VS ROUTER: Getting online today is far easier thanks to internet routers becoming a common appliance in virtually every home and office in the world. Back in the early days, if you wanted more than one person in your home to have internet access, you had two choices: Either pay for a second phone line and internet account, or set up a local network with a proxy server on the PC with the internet access.
This would be done by having an Ethernet card and a modem installed in the same PC, and just Ethernet cards in the other PCs. On the internet PC, you would either set up a proxy server application, or if your internet connected PC ran Windows 98 SE or above, you could use Internet Connection Sharing. ICS essentially turns your 98SE+ PC into a router of sorts. This would allow PCs on the local network to pull an IP address, gateway and DNS info from your main PC, then use that to access the wider internet.
For most, a proxy server seemed like the easy way to go; however, there are some caveats to this method:
* The main PC, and every PC that needs to get online would need to have a local IP address and subnet assigned as there is no DHCP server. A gateway or DNS isn’t absolutely necessary.
* Every PC that needs to get online would need to have the configuration details of the proxy server (IP and port, as well as username and password if configured) set up on the system, and in any applications that did not respect the system settings.
* Not all applications supported the use of a proxy server.
* Improper configuration of the proxy server will result in the proxy being exposed to the wider internet. If no authentication is configured, this can (and usually does) result in your internet connection being used for potentially abusive purposes, such as spamming. (Configure the listening IP to be the LAN IP only.)
* If the main PC or proxy server application crashes or gets turned off, everyone on the network will lose internet access.
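To make the exposure caveat above concrete, here is an added example (not code from the original post or from any proxy product) that audits a proxy listener configuration. The key=value config format, the `listen_address`/`require_auth`/`lan_network` keys and the sample configs are all constructed for this illustration; the check itself is general: a listener bound to 0.0.0.0 (or ::), or to an address that is not on the LAN, is reachable over the internet link, and a listener without authentication is an open relay.

```python
"""Audit a proxy listener for the exposure problem described above.

Added example, not the original post's code. The config format below is
constructed for the illustration and is not any real product's file.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class ProxyListener:
    bind_address: str    # address the proxy listens on
    port: int
    require_auth: bool   # whether clients must present a username/password
    lan_network: str     # the LAN the proxy is meant to serve, e.g. 192.168.1.0/24


def parse_config(text: str) -> ProxyListener:
    """Parse 'key = value' lines; lines starting with '#' are comments (constructed format)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return ProxyListener(
        bind_address=values["listen_address"],
        port=int(values["listen_port"]),
        require_auth=values.get("require_auth", "no").lower() in ("yes", "true", "1"),
        lan_network=values["lan_network"],
    )


def audit_listener(cfg: ProxyListener) -> list[str]:
    """Return findings; an empty list means the listener is LAN-only and authenticated."""
    findings = []
    bind = ipaddress.ip_address(cfg.bind_address)
    lan = ipaddress.ip_network(cfg.lan_network, strict=False)
    if bind.is_unspecified:
        # 0.0.0.0 or :: binds every interface, including the modem/internet side
        findings.append(f"EXPOSED: port {cfg.port} listens on all interfaces ({bind})")
    elif bind not in lan:
        # Bound to one address, but not a LAN one (e.g. the public address of the modem)
        findings.append(f"EXPOSED: bind address {bind} is not on the LAN {lan}")
    if not cfg.require_auth:
        findings.append("OPEN RELAY: no authentication required; anyone who reaches the port can use the connection")
    return findings


# Constructed sample: the weak setting the text warns about
WEAK_CONFIG = """\
listen_address = 0.0.0.0
listen_port = 8080
require_auth = no
lan_network = 192.168.1.0/24
"""

# Constructed sample: the corrected setting (LAN address only, credentials required)
SAFE_CONFIG = """\
listen_address = 192.168.1.1
listen_port = 8080
require_auth = yes
lan_network = 192.168.1.0/24
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("safe", SAFE_CONFIG)):
        findings = audit_listener(parse_config(text))
        print(name, "->", findings or ["OK"])
```

Run as a script it prints two findings for the weak config and OK for the safe one. Binding to the LAN address is what makes the listener unreachable from the modem side; the authentication check is the second layer for the case where the binding is later changed.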
But, there are some positives:
* You can control data usage by only allowing certain applications to use the proxy.
* You can control access to sites and content
* It’s difficult, if not impossible to circumvent if this is the only way onto the internet. (ONLY applies to closed networks)
* With some proxy applications, it is possible to set data usage limits. (Known as quotas)
* You can get by on a single device connection, such as dial-up or networks that limit the number of devices connected.
* Often cheaper than using a router.
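The access-control, content-filtering and quota points in the list above can be shown in one place. The following is an added example, not code from the original post or from any proxy application: a small per-request policy that decides whether a LAN client may use the proxy for a given destination and charges the request against a per-client data quota. The policy class, the hook a proxy would call it from, and the sample request log are assumptions made for the illustration.

```python
"""Proxy-side access control for a closed network, illustrating the list above.

Added example, not the original post's code. The policy, its decide() hook
and the sample requests are constructed for the illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ProxyPolicy:
    allowed_clients: list            # LAN networks permitted to use the proxy
    blocked_hosts: set               # destination hostnames refused (suffix match)
    quota_bytes: int                 # per-client data cap, in bytes
    usage: dict = field(default_factory=lambda: defaultdict(int))  # bytes used per client

    def _host_blocked(self, host: str) -> bool:
        """Block the domain itself and any subdomain of it."""
        host = host.lower().rstrip(".")
        return any(host == b or host.endswith("." + b) for b in self.blocked_hosts)

    def decide(self, client_ip: str, host: str, size: int) -> str:
        """Return 'ALLOW' or a 'DENY: reason' string; ALLOW charges size to the client's quota."""
        client = ipaddress.ip_address(client_ip)
        if not any(client in net for net in self.allowed_clients):
            return "DENY: client is not on the LAN allowlist"
        if self._host_blocked(host):
            return f"DENY: {host} is a blocked site"
        if self.usage[client_ip] + size > self.quota_bytes:
            return "DENY: data quota exceeded"
        self.usage[client_ip] += size
        return "ALLOW"


def sample_policy() -> ProxyPolicy:
    """Constructed policy: one LAN, one blocked domain, a 1 MB per-client quota."""
    return ProxyPolicy(
        allowed_clients=[ipaddress.ip_network("192.168.1.0/24")],
        blocked_hosts={"example.com"},
        quota_bytes=1_000_000,
    )


def run_sample() -> list[str]:
    """Constructed request log of (client, destination host, bytes); returns the decisions."""
    requests = [
        ("192.168.1.10", "intranet.local", 600_000),    # LAN client, permitted site
        ("192.168.1.10", "www.example.com", 10_000),    # blocked domain (suffix match)
        ("192.168.1.10", "files.local", 500_000),       # would push the client past its quota
        ("10.0.0.5", "intranet.local", 1_000),          # not on the LAN allowlist
    ]
    policy = sample_policy()
    return [policy.decide(*req) for req in requests]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

The client allowlist is what gives the "difficult to circumvent" property on a closed network: a machine that is not on the permitted LAN range has no other path to the internet, so a deny from the proxy is final. The quota is tracked in memory here; a real proxy would persist it across restarts.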