Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: How to make secure student network?

How to make secure student network? 11 years 2 months ago #10400

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
hi there...
i want to impliment this kind of network at my college..



Reference:: www.comptechdoc.org

Let say the webserver using 219.x.x.x ip(public) and user using 172.x.x.x ip (private).I'm using packet filtering as the firewall

Question is::

1- How can i allow internal user to derect access the webserver without going to internet?

2-Can pf firewall cater up to 5000 user?or it depend to the hardware?

3-what is the best design to improve the security?should i add another hardware such as IPS or etc? For your informaion, this is student network; and as you know there are alot of issue from student site such as virus and hacking. Need your advice to improve the security issue.

thanks
The administrator has disabled public write access.

Re: How to make secure student network? 11 years 2 months ago #10401

  • jwj
  • jwj's Avatar
  • Offline
  • Senior Member
  • Posts: 350
  • Karma: 0
1.) In order for your students on the private network to reach the webserver, and the webserver only, you'll need to have your firewall port forward http (TCP port 80 or whatever port your server is set to listen for http on) to just the IP address of the webserver (219.x.x.x). Your clients are still behind NAT, and the only access out of the firewall they would have is the access to the webserver.

One note: if your private network is one big network that includes students and administrators, be sure to segment it into the respective user groups. This will make configuring the firewall easier.

2.) Not sure on that one, but I'd imagine someone more familiar with BSD can tell you for sure. Check this link out, though. http://www.openbsd.org/faq/pf/perf.html

3.) Your design is very good. As far as keeping your network secure from your users, I'd make certain that their local and network rights are just powerful enough to let them do what they need. If you are really concerned about hacking, maybe you should add an IDS like Snort to help you spot suspicious activity.
-Jeremy-
The administrator has disabled public write access.

Re: How to make secure student network? 11 years 2 months ago #10407

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
this is what i read from the net
their advice to design the DMZ like this::
Internet to Modem
Modem to Router
Router to DMZ Hub/Switch
DMZ Switch to WEB/FTP/Game Server
...and...
DMZ Switch to Firewall External NIC
Firewall Internal NIC to Internal Hub/Switch
Internal Hub/Switch to Internal Systems

Reference:: www.dslreports.com/faq/4545



which one is batter compare to the previous?
The administrator has disabled public write access.

Re: How to make secure student network? 11 years 2 months ago #10408

  • jwj
  • jwj's Avatar
  • Offline
  • Senior Member
  • Posts: 350
  • Karma: 0
The designs are essentially the same, except the second one is more suitable for a home gaming rig. The important thing to note is keeping your users behind NAT, and creating a DMZ for your servers that need to be accessed by both your network and the internet. The first design is good for your situation, even though they are essentially the same.
-Jeremy-
The administrator has disabled public write access.
Time to create page: 0.079 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup