Various methods, which protect computer networks from attacks coming from the outside of universities, are built in many universities. However, it seems that protections from attacks, which come from the inside of universities, are not built in. Mie University separated its internal network in order to enhance the network security for attacks from the inside of university. This paper introduces many problems that happened at the implementation and shows the solutions adopted for each problem.The internal networks constructed with separation are LAN for students, LAN for researchers, LAN for officers, LAN for co-operations and LAN for neighbor inhabitants. The implementation method is that uses VLAN techniques and uses a barrier segment.The happened problems are Oracle NAT translation problems, FNA protocol problems, user authentication problems for information outlet system, restricted usage problems for visitors and so on. The most troubled point is that two WAN lines between a distant place and my information center are needed because the network in a distant place has to be separated with LAN for researchers and LAN for officers. However, merits are larger than the demerit. This implementation costs cheaply and can maintain the separated networks as a unit because they use network routers in common. So I recommend this method by any means and I hope that the solutions for restricted usage problems for visitors etc. become helpful to many university network administrators.
We are developing an authentication system, Opengate, for public terminals, wired and wireless mobile terminals carried by users. At the first WWW request by user, Opengate shows an authentication form to the WWW browser and controls a firewall system. The important feature of the system is that the system does not require any setting on user’s terminals and any registrations except usual user registrations. Many systems should be operated over whole campus, because users use the network with their mobile terminals.To reduce the cost for operation, we suggest an operation method with diskless boot mechanism. By the diskless operation method, we can reduce the cost for introducing and operating the system. It also simplifies the procedure for maintaining the system and collecting user logs.
This paper describes details of environment of the educational computer system introduced in University of Tsukuba in April 2001. In this system, UNIX servers process major and important procedures such as account management, authentication, mail services and file services. On the other hand, for student users, Windows clients are provided as a comprehensive and easy-to-use computer environment. The UNIX servers and the Windows clients are totally integrated in this system. Consequently, the system succeeds to implement stability and usability simultaneously.