Firewall Wizards mailing list archives
separation of student and staff networks ???
From: "Shaun Moran" <Shaun () TheMorans Com>
Date: Wed, 29 Aug 2001 23:15:26 +1000
Hi,

I'm looking at the security for a large number of schools - like most places - there are a mixture of staff and students in the one physical location. Traditionally we would typically deploy some form of access control device and deploy two separate ethernet networks - staff and student - and then use an access control policy to dictate who can go where.

Lately though - I have been more and more concerned about this approach because of the lack of physical security at the schools - not only with the access control device but also with staff people plugging in dual homed servers to get access to a server from both networks and even worse - people plugging student machines into the staff LAN 'because it was easier'.

So I don't really know where to go - should I forget about traditional network security and put all my eggs into application security (big job) - maybe use IPSEC to create personal encrypted tunnels from staff members' desktops to the staff servers with staff and students all on the same untrusted LAN.

What happens if a staff member's desktop gets a trojan (say subseven) installed on it - then the student has a nice little connection to the 'secure' staff server ??? Does this dictate the choice of VPN client (one that disables the LAN when the tunnel is up)...

I'm sure other people have been in this boat for educations/schools - what have you done?

Shaun

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards