SECURITY
External Threats - Internet Connectivity shall utilize a double firewall implementation with all Internet-exposed applications residing on a public backbone network. In this implementation all connections initiated from the Internet into the schools private network will be refused. In the district security model the network will be divided into three (3) logical network classifications, Administrative, curriculum and external with secured interconnections between them.
This model will dictate that two physical LAN infrastructures be installed at all schools and the District Office, with one designated administrative and the other curriculum. Every computer and file server will be categorized according to its function and placed on the appropriate LAN segment. At the schools, each LAN segment will have a file server. All applications will be categorized and placed on the appropriate server. By utilizing Access Control Lists (ACLs) on the routers, all traffic from the curriculum LANs will be prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as E-Mail and Directory services will be allowed to pass freely since they pose no risk. A user ID and Password Policy will be published and strictly enforced on all computers in the District. All computers in the District network will have full access to the Internet. All ACLs will be controlled at the district office and exceptions to the ACLs will be reviewed prior to implementation.