Washington Elementary School District Data Network Project: Sunnyslope School
Network Security Description


Sunnyslope School LAN.

As stated in the requirements, the only traffic from the Curriculum (C) network permitted on the Administration (A) network is DNS and email.

This restriction is achieved by applying Access Control Lists (ACLs) to the router interfaces, which permit or deny traffic through the interface. Because traffic from the C network is restricted by service rather than blocked completely, extended access lists are required.

Access-list 101 is applied to the E0 interface in the outbound direction and permits traffic from the C network only when it is destined for the NOS, DNS and email server at 130.10.6.159. All other traffic from the C network is discarded. No other restrictions apply.

Access-list 102 is applied to the S0 interface in the outbound direction and restricts traffic from the C network to WWW, SMTP and DNS only. No other restrictions apply.

[Figure: sunnysloperouterdiagram.jpg]

A User ID and Password Policy will be published and strictly enforced on all networked computers.

Washington Elementary School District WAN and Internet.

Access-list 101 on the Firewall router is applied in the outgoing direction on both interfaces, allowing only DNS, email and WWW traffic to pass through the router.

Access-list 101 on the Phoenix COA router is applied in an incoming direction to the E2 interface allowing only traffic which is established (i.e. has the ACK or RST bit set) to pass from the Internet to the WESD network. Applying the access control list in the incoming direction means that only traffic coming from the Internet is filtered. Thus internal traffic passing through the router will not be affected.

[Figure: firewalldiagram.jpg]
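
The "established" filter on the Phoenix COA router, described above, is a test of TCP flag bits only; the router does not track connections. The following Python model is an added example, not part of the original design or its router configs. It evaluates that test over constructed IPv4 packets; the function names, the sample addresses and the assumed entry form `permit tcp any any established` are illustrative assumptions.

```python
import struct

TCP, UDP = 6, 17                   # IPv4 protocol numbers
SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

def ipv4(proto: int, l4: bytes) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header (no options) + payload.
    Addresses are documentation-range placeholders, not WESD addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 20])) + l4

def tcp(flags: int) -> bytes:
    """Constructed 20-byte TCP header, source port 80, with the given flags."""
    return struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, flags, 8192, 0, 0)

def is_established(packet: bytes) -> bool:
    """True if the packet is TCP with ACK or RST set (unfragmented assumed)."""
    ihl = (packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    if packet[9] != TCP:               # UDP and ICMP carry no TCP flags
        return False
    if len(packet) < ihl + 14:         # flags byte sits at TCP offset 13
        return False
    return bool(packet[ihl + 13] & (ACK | RST))

def inbound_acl(packet: bytes) -> str:
    """Assumed single entry 'permit tcp any any established', then implicit deny."""
    return "permit" if is_established(packet) else "deny"

if __name__ == "__main__":
    samples = {
        "new connection from Internet (SYN)": ipv4(TCP, tcp(SYN)),
        "reply to internal client (SYN+ACK)": ipv4(TCP, tcp(SYN | ACK)),
        "data on open session (ACK)": ipv4(TCP, tcp(ACK)),
        "reset from remote server (RST)": ipv4(TCP, tcp(RST)),
        "DNS reply over UDP": ipv4(UDP, struct.pack("!HHHH", 53, 40000, 8, 0)),
    }
    for name, pkt in samples.items():
        print(f"{inbound_acl(pkt):6}  {name}")
```

The UDP case shows why a filter built only on this match needs a separate entry for any non-TCP service, such as DNS replies, that must return from the Internet.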