In general, we make our systems more secure by
Limiting access—through firewalls, passwords, and so on—to the system
Understanding the system and security requirements
Keeping up to date on the latest patches and security alerts
Of course, the easiest way to limit access to a system is to disconnect it from any public network, such as the Internet, and to physically secure all of the points where the network meets the real world. This type of security measure might be fine and appropriate for military systems, but for Internet e-commerce systems, it wouldn't do much to help business.
Another option to limit access to intranet-based Web applications is to establish a firewall between the intranet and the Internet. Most companies ...