Basic User Management
Most intranets include significant amounts of sensitive corporate data. This is why it is important to have at least a basic degree of password-protection in place to restrict access to approved users. If the intranet is available via HTTP to users outside the corporate firewall, then this should be considered mandatory.
Many intranets just have a generic corporate password for all users. This happens when access needs to be restricted to employees only and a systems administrator simply password-protects the intranet's root directory on the web server. This results in a password prompt appearing the first time any user attempts to access any page or document within that root folder. If the user enters the correct password, they are authenticated as having permission to access everything in the folder.
What often makes these generic passwords inappropriate is that they go stale. When personnel changes occur, ex-employees tend to retain their access privileges because system administrators don't want to change the password for all employees. This can obviously represent a significant security risk.
A Basic User Management system will allow individual users to each have their own access ID and password. An administrator will be able to add, edit and delete user privileges as requests come in from Human Resources or other appropriate departments. These systems are quite simple to develop, or to purchase and implement.
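The per-user model described above can be sketched as follows. This is an added example, not code from the book: the `UserStore` class, its method names, the in-memory storage, the work factor and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed for this sketch; raise it as hardware allows)


class UserStore:
    """Hypothetical in-memory store: one salted password hash per access ID."""

    def __init__(self):
        self._users = {}  # access ID -> (salt, password hash)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def add_user(self, user_id, password):
        if user_id in self._users:
            raise ValueError("user already exists")
        salt = os.urandom(16)
        self._users[user_id] = (salt, self._hash(password, salt))

    def set_password(self, user_id, new_password):
        if user_id not in self._users:
            raise KeyError(user_id)
        salt = os.urandom(16)  # fresh salt on every change
        self._users[user_id] = (salt, self._hash(new_password, salt))

    def delete_user(self, user_id):
        # Revokes one person's access; nobody else's credentials change.
        self._users.pop(user_id, None)

    def authenticate(self, user_id, password):
        record = self._users.get(user_id)
        # Hash even for unknown IDs so response time does not reveal which IDs exist.
        salt, expected = record if record else (b"\0" * 16, b"")
        candidate = self._hash(password, salt)
        return record is not None and hmac.compare_digest(candidate, expected)


def offboarding_demo():
    """Constructed scenario: HR reports that 'bob' has left the company."""
    store = UserStore()
    store.add_user("alice", "constructed-pass-1")
    store.add_user("bob", "constructed-pass-2")
    store.delete_user("bob")
    # alice still gets in with her unchanged password; bob's old password is refused.
    return (store.authenticate("alice", "constructed-pass-1"),
            store.authenticate("bob", "constructed-pass-2"))
```

With a single shared password, the equivalent of `delete_user` would be changing the password for every employee, which is the step administrators tend to skip.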
See Chapter 10 for more information on intranet security.