I manage the computer systems for a university. We have a local Win2k network domain with an intranet Web site and Exchange 5.5 Server running on it. Sometimes our students try to hack into the teachers' computers. In an effort to prevent this, I want to set up another domain for the students, but still allow them to access the intranet and Exchange mail system when their teachers are monitoring them. How can I accomplish this?
You're facing a problem common to educational institutions. I would strive to isolate student and administrative networks as much as possible. It's extremely difficult to secure environments where users have two different security levels (e.g. students and teachers) on the same network, regardless of their domain membership.
It's entirely possible to implement shared services, such as the mail and Web services you mentioned. I suggest using a four-interface firewall to create separate zones for students, teachers, shared services and the Internet. The Web server and intranet server would then live in the shared services zone or DMZ and benefit from the protection of the firewall's rulebase.
This was last published in August 2006
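The four-zone layout in the answer above can be written as a default-deny rulebase and checked mechanically; this is an added example, not part of the original answer. The zone names, service ports (Web on 80/443, mail on 25/110/143), the inbound-mail rule and the rule order are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product

ZONES = ("students", "teachers", "shared", "internet")
USER_ZONES = {"students", "teachers"}  # zones that must never accept inbound connections
WEB, MAIL = frozenset({80, 443}), frozenset({25, 110, 143})  # assumed service ports

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: frozenset   # TCP destination ports; an empty set means any port
    action: str        # "allow" or "deny"

# Constructed rulebase, evaluated top-down. Return traffic is assumed to be
# handled by the firewall's connection tracking, so only new connections appear.
RULEBASE = [
    Rule("students", "teachers", frozenset(), "deny"),
    Rule("students", "shared", WEB | MAIL, "allow"),
    Rule("teachers", "shared", WEB | MAIL, "allow"),
    Rule("students", "internet", WEB, "allow"),
    Rule("teachers", "internet", WEB, "allow"),
    Rule("internet", "shared", frozenset({25}), "allow"),  # inbound mail (assumption)
]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and (not r.ports or port in r.ports):
            return r.action
    return "deny"

def audit(rules):
    """List every (src, dst, port) the rulebase lets into a user zone."""
    named = set().union(*(r.ports for r in rules))
    # One port that no rule names stands in for all other unnamed ports.
    other = next(p for p in range(1, 65536) if p not in named)
    return [(s, d, p)
            for s, d in product(ZONES, ZONES) if s != d and d in USER_ZONES
            for p in sorted(named | {other})
            if decide(rules, s, d, p) == "allow"]

if __name__ == "__main__":
    print(decide(RULEBASE, "students", "shared", 80))
    print(audit(RULEBASE))
```

Running `audit` on every proposed rule change flags any edit that opens a path into the student or teacher zone, and it respects rule order, so an allow that sits below a matching deny is not reported.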