SECURITY

 

External Threats - Internet connectivity uses a double firewall implementation, with all Internet-exposed applications residing on a public backbone network. In this implementation, all connections initiated from the Internet into the schools' private network are refused. In the district security model, the network is divided into three logical network classifications (administrative, curriculum and external) with secured interconnections between them.

This model dictates that two physical LAN infrastructures are installed at all schools and the District Office, with one designated administrative and the other curriculum. All computers and file servers are categorized according to their function and placed on the appropriate LAN segment. At the schools, each LAN segment has a file server. All applications are categorized and placed on the appropriate server. By utilizing Access Control Lists (ACLs) on the routers, all traffic from the curriculum LANs is prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as E-Mail and Directory services are allowed to pass freely since they pose no risk. A user ID and password policy is published and strictly enforced on all computers in the District. All computers in the District network have full access to the Internet. All ACLs are controlled at the district office, and exceptions to the ACLs are reviewed prior to implementation.

The following access-lists are implemented locally...

All of the student networks are visible to all nodes on the network. The administration network cannot be accessed from any terminal without an IP address in the range 128.192.24.0-128.192.31.255 (assigned statically by administration). The ACL is configured as follows:

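! Wildcard 0.0.7.255 matches exactly 128.192.24.0-128.192.31.255.
Router(config)#access-list 1 permit 128.192.24.0 0.0.7.255

! Direction "in" is assumed here; the design above does not specify one.
Router(config-if)#ip access-group 1 in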

This access-list will be placed on all interfaces of the administration router.
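
The following is an added example, not part of the original design: a Python check of which addresses a standard ACL entry matches under Cisco wildcard semantics, comparing the masks 0.0.7.255 and 0.0.31.255 against the administrative range 128.192.24.0-128.192.31.255. The function names and the sample address 128.192.10.5 are constructed for illustration.

```python
import ipaddress

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def acl_matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco semantics: wildcard bits set to 1 are ignored, 0 bits must equal the base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) ^ _to_int(base)) & care == 0

def matched_span(base: str, wildcard: str):
    """Lowest address, highest address and number of addresses the entry matches."""
    b, w = _to_int(base), _to_int(wildcard)
    low = b & ~w & 0xFFFFFFFF
    high = b | w
    count = 2 ** bin(w).count("1")  # every ignored bit doubles the match set
    return (str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high)), count)

def covers_exactly(base: str, wildcard: str, first: str, last: str) -> bool:
    """True only if the entry matches every address in first..last and nothing else."""
    low, high, count = matched_span(base, wildcard)
    return low == first and high == last and count == _to_int(last) - _to_int(first) + 1

def wildcard_for_range(first: str, last: str) -> str:
    """Derive the wildcard mask for a range that fits in a single ACL entry."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    if len(nets) != 1:
        raise ValueError("range is not one aligned block; it needs several ACL entries")
    return str(nets[0].hostmask)

# Administrative range stated in the design.
FIRST, LAST = "128.192.24.0", "128.192.31.255"
BASE = "128.192.24.0"
OUTSIDE = "128.192.10.5"  # constructed address outside the administrative range

if __name__ == "__main__":
    print("derived wildcard:", wildcard_for_range(FIRST, LAST))
    for wc in ("0.0.7.255", "0.0.31.255"):
        low, high, count = matched_span(BASE, wc)
        print(f"{wc}: matches {low}-{high} ({count} addresses), "
              f"exact={covers_exactly(BASE, wc, FIRST, LAST)}, "
              f"permits {OUTSIDE}={acl_matches(OUTSIDE, BASE, wc)}")
```

A mask wider than the intended block silently permits source addresses that were never assigned by administration, so the exact-coverage check is worth running before an ACL change is approved at the district office.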

 
