4.5     PROTECTING THE GTS

As prices of PCs continue to fall and more PC-based computerised meteorological applications are developed, many NMCs in RA I find it financially feasible not only to automate data communication functions but also to computerise the whole data handling process. Central to such a computerised system are the Automatic Message Switching System (AMSS) and the DBMS Server - a server that is capable of providing data to operational applications.

The conventional data source of the WMO AMSS is the WMO global telecommunication network. With the advent of the global network of PC networks (Internet), the NMCs are realising that Internet technology can provide more cost-effective data sourcing for the AMSS than GTS dedicated leased links. However, it is also being realised that the Internet and local telecommunication utilities have problems relating to:

While the GTS on its own is inherently safe, it is acknowledged that the moment the internal GTS LAN is shared with the Internet, the above problems will arise.

The exchange of real-time meteorological data is critical to the operation of NMCs, and unwanted access and misuse of the GTS could create very serious constraints on ensuring the highest priority for such data. Also, when the GTS uses the TCP/IP protocol, it exposes itself to the full capacity of TCP/IP connectivity, which includes FTP and Web services, both of which are huge consumers of bandwidth resources. Security measures must therefore be put in place to ensure that:

To achieve these and resolve the other Internet-related problems, the GTS and the Internet must be segregated in such a way that ONLY operational meteorological data flows between the internal GTS LAN and the Internet LAN, and that the cross-LAN data transmission is secure. Many of the above network security techniques have a segregation element in them and can therefore be used to that effect. Two examples are presented below:

Example 1 - Router-based

 

This configuration provides a safe way of using the Internet to connect to a neighbouring "single-hop" GTS centre. Access lists on the router are responsible for firewalling.
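
The access-list behaviour described for Example 1 can be modelled as a first-match rule list with a final deny. The sketch below is an added illustration, not part of the original text or any WMO configuration; the addresses (documentation ranges), the TCP port and all function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Assumed values (not from the original text): documentation-range addresses
# and an illustrative TCP port agreed bilaterally between the two centres.
LOCAL_AMSS = ip_network("192.0.2.10/32")
NEIGHBOUR_AMSS = ip_network("198.51.100.20/32")
GTS_PORT = 39000
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

# Inbound list on the Internet-facing router interface: first match wins.
INBOUND_ACL = [
    Rule("permit", "tcp", NEIGHBOUR_AMSS, LOCAL_AMSS, GTS_PORT),
    Rule("deny", "ip", ANY, ANY),  # explicit final deny so drops can be logged
]

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; deny if none matches."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"

def audit(acl, packets):
    """Return only the packets the list would let through to the GTS LAN."""
    return [p for p in packets if evaluate(acl, *p) == "permit"]

# Constructed sample traffic: (protocol, source, destination, destination port)
SAMPLE = [
    ("tcp", "198.51.100.20", "192.0.2.10", 39000),  # neighbour AMSS data
    ("tcp", "198.51.100.20", "192.0.2.10", 21),     # FTP from the neighbour
    ("tcp", "203.0.113.7", "192.0.2.10", 39000),    # unknown host, right port
    ("tcp", "203.0.113.7", "192.0.2.10", 80),       # Web request from the Internet
]
```

Running audit(INBOUND_ACL, SAMPLE) leaves only the neighbour's message-switching connection; the FTP and Web attempts, and the unknown host, fall through to the final deny.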

Example 2 - Protocol Isolation with Server Replication

Note: Each of the two servers has dual NICs, one running IPX and the other TCP/IP.

It must be emphasised that running the network over the Internet instead of over dedicated leased connections can bring significant savings. So, wherever possible, NMCs should explore the possibility of using the Internet as a basis for meteorological data transmission. However, while they do so, NMCs should remember that "a chain is as strong as its weakest link". It must therefore be made mandatory for NMCs connecting their internal LAN to the Internet to also implement security measures. In due course, the WMO will come out with standard procedures on how to handle network security risks resulting from the use of the Internet for GTS activities.

It must also be very strongly emphasised that technical expertise and strong management support are indispensable elements in implementing and enforcing an effective security policy. Without them, no protection will be achieved, even with the best and most expensive firewall system.