Various methods, which protect computer networks from attacks coming from the outside of universities, are built in many universities. However, it seems that protections from attacks, which come from the inside of universities, are not built in. Mie University separated its internal network in order to enhance the network security for attacks from the inside of university. This paper introduces many problems that happened at the implementation and shows the solutions adopted for each problem.The internal networks constructed with separation are LAN for students, LAN for researchers, LAN for officers, LAN for co-operations and LAN for neighbor inhabitants. The implementation method is that uses VLAN techniques and uses a barrier segment.The happened problems are Oracle NAT translation problems, FNA protocol problems, user authentication problems for information outlet system, restricted usage problems for visitors and so on. The most troubled point is that two WAN lines between a distant place and my information center are needed because the network in a distant place has to be separated with LAN for researchers and LAN for officers. However, merits are larger than the demerit. This implementation costs cheaply and can maintain the separated networks as a unit because they use network routers in common. So I recommend this method by any means and I hope that the solutions for restricted usage problems for visitors etc. become helpful to many university network administrators.
View full abstract