Educause Security Discussion mailing list archives
Re: Residential (Dorm) Network
From: "Foerst, Daniel P." <FOERST () CUA EDU>
Date: Thu, 4 Sep 2008 15:04:29 -0400
We are operating in a similar manner. Our residence halls each have their own dedicated wired VLAN. Each building is connected to residential core routers, which have connectivity back to our core network. We use ACLs to prohibit dorm-to-dorm communication (which significantly reduces virus and malware outbreaks), except where necessary, and firewall ACLs in our core to allow connectivity to public services.

We operate two large wireless LANs (VLANs) that cover several residence halls for our residents; each WLAN communicates to the same residence core routers. Like the wired LAN, the core is firewalled to allow public service requests from our WLANs. Tracking down an IP in a WLAN is a little more work, as we cannot identify what building they are in by subnet address; instead we use our wireless system to identify the access point the device is connected to.

Plans have existed for some time (but not yet implemented due to time and other projects) to provide our residences Internet connectivity as a DMZ off our edge firewall through one pipe and use the existing pipe for on-campus communication only. This would provide redundancy in the event that, should the connecting upstream router ever go down, their network connectivity would remain. This was decided for planned maintenance periods where the majority of campus is not using the network except students, e.g. weekends or late nights. Additionally, should there ever exist a time that we need to disable connectivity between the core and the residence network, we could do so without disabling Internet connectivity.

Daniel Foerst
Manager, Networks & Security
The Catholic University of America
Washington, DC 20064

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Thursday, September 04, 2008 12:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Residential (Dorm) Network

Daniel Bennett wrote:
I am interested in hearing how your University handles their Residential Network. Is it isolated through Firewalls, ACLs? Does it have dedicated bandwidth? How do users access internal College resources? Do they access resources through a VPN?

Our residence halls are on their own VLANs. We use ACLs to limit access to the general campus network. However, a default permit policy is in effect and very few services are blocked. Instead, student address ranges are blocked at the resources they are not to access.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
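
An added example, not part of the original thread or either poster's configuration: a first-match ACL evaluator that audits the policy described in the message above (dorm-to-dorm traffic denied, public services reachable). The subnets, the public-services range and the rule list are all constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the thread).
DORMS = {
    "hall_a": ipaddress.ip_network("10.10.1.0/24"),
    "hall_b": ipaddress.ip_network("10.10.2.0/24"),
    "wlan_1": ipaddress.ip_network("10.10.64.0/20"),
}
PUBLIC_SERVICES = ipaddress.ip_network("192.0.2.0/28")

# Ordered ACL on the residential core: (action, source, destination).
ACL = [
    ("permit", "10.10.0.0/16", "192.0.2.0/28"),  # dorms -> public services
    ("deny",   "10.10.0.0/16", "10.10.0.0/16"),  # dorm -> dorm
    ("permit", "10.10.0.0/16", "0.0.0.0/0"),     # everything else
]

def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst (implicit deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in acl:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return "deny"

def audit(acl, dorms, services):
    """Report permitted dorm-to-dorm pairs and dorms cut off from services.

    Checks one representative host per subnet, so it catches rule-order and
    coverage mistakes but not rules that carve out individual hosts.
    """
    findings = []
    for a_name, a_net in dorms.items():
        src = str(a_net.network_address + 10)
        for b_name, b_net in dorms.items():
            dst = str(b_net.network_address + 10)
            if a_name != b_name and evaluate(acl, src, dst) == "permit":
                findings.append(f"{a_name} can reach {b_name}")
        if evaluate(acl, src, str(services.network_address + 1)) != "permit":
            findings.append(f"{a_name} cannot reach public services")
    return findings

if __name__ == "__main__":
    print(audit(ACL, DORMS, PUBLIC_SERVICES) or "policy holds")
```

Running the same audit with the broad permit rule moved to the top shows how a rule-order mistake silently reopens dorm-to-dorm traffic.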