Educause Security Discussion mailing list archives

Re: Residential (Dorm) Network


From: Daniel Bennett <dbennett () PCT EDU>
Date: Thu, 4 Sep 2008 09:57:08 -0400

Thanks Jeff.  Can you send me some info on how you are utilizing virtual routing?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Kell
Sent: Thursday, September 04, 2008 9:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Residential (Dorm) Network

Daniel Bennett wrote:
I am interested in hearing how your University handles their Residential Network.  Is it isolated through firewalls, 
ACLs?  Does it have dedicated bandwidth?  How do users access internal College resources?  Do they access resources 
through a VPN?

Our Resnet traffic was originally terminated on our core and we used ACLs to some extent to isolate the traffic.  As 
their network grew, they got their own dedicated router to terminate their traffic, and we used ACLs on the link to the 
core to restrict them to "sane and expected" traffic.  Then came an outgrowth of the "campus" network into the resnet 
network -- a housing office, access panels controlled by our central system, environmental monitoring, surveillance 
video, etc., that started to complicate the ACLs, not to mention mixing "secure" traffic with casual dorm netsurfing.  
They have their own VLANs, for the most part, but they still mesh into the same routing cloud.

We're in the process of converting Resnet over to VRFs (virtual routing), and getting the isolated cases off of the 
resnet instance.  The resnet side only has visibility to the campus public servers and the internet, and nothing else.  
The "campus extensions" are just that -- tied directly into the campus core with their counterparts.

For bandwidth, they have always shared outside connectivity with the main campus.  We've used various traffic 
management and packet shaping techniques to keep them from monopolizing the available bandwidth.

Jeff Kell
UT Chattanooga
