| Home |
This is the security document. It simply states what I feel will be good for the network security wise. It is followed by the ACL's that will be used to further protect the network. Security The LAN will implement double firewall security, with all Internet applications on the public backbone. All connections from the Internet to internal servers or applications will be refused except for needed entries like dns, and http. The LAN will be segmented as admin, curriculum and server. Virus protection will be through Norton Anti-virus Corporate Edition, which will be updated at least once a week or when any major virus is released into the Internet. ACLs will be used to block and allow traffic that is unnecessary or unwanted. Admin computers will be given static IP’s in order to keep a constant knowledge of who is doing what within the admin site. The curriculum computers will use DHCP for ease of administering the network once implemented. The implementation of VLANs to segement out broadcast storms also acts as a further protection in the school site. Teachers and all other admin will each have a password access to restrict certain documents to some and not to others while allowing them to log in at any computer in the district to update files. These passwords will be good for one quarter and must be changed to keep brute force hacks from successfully entering the system. This security will work very well with the school implementation and will help the network admin in running the network smoothly. Access-list 101 permit tcp any 10.0.16.1 0.0.15.255 eq dns established log Access-list 101 permit tcp any 10.0.16.1 0.0.15.255 eq smtp established log Access-list 103 deny tcp 10.16.1.1 0.0.15.255 10.0.32.1 0.0.15.255 Access-list 104 deny tcp 10.16.1.1 0.0.15.255 host 10.0.20.236
|