Acceptable Use Policies and Private Networks

Status
Not open for further replies.

lemri

I can't seem to find any information on this. I am at a K-12 school where the school district has a pretty strict Acceptable Use Policy.

I am wanting to set up my school on VPNs and I want to use Private Addressing to separate the different virtual network subnets. I like the flexibility and security.

The district is pooh-poohing the idea because they say the AUP will be harder to enforce with private networks.

Surely there is a way to identify authenticated users on private networks? What do other schools/businesses do if they want to enforce their AUP and have a private network?

Or will my only option be to subnet one of our IP ranges? I don't want to subnet, but I guess I could.

Right now I have 2 non-contiguous Class C ranges that are used on all 300 of our computers via DHCP, 1 router, and 4 big switches. I need to get a more efficient network.
 
lemri said:
I can't seem to find any information on this. I am at a K-12 school where the school district has a pretty strict Acceptable Use Policy.

I am wanting to set up my school on VPNs and I want to use Private Addressing to separate the different virtual network subnets. I like the flexibility and security.

...

Surely there is a way to identify authenticated users on private networks? What do other schools/businesses do if they want to enforce their AUP and have a private network?

Or will my only option be to subnet one of our IP ranges? I don't want to subnet, but I guess I could.

Right now I have 2 non-contiguous Class C ranges that are used on all 300 of our computers via DHCP, 1 router, and 4 big switches. I need to get a more efficient network.

Authenticating users occurs at LOGIN time and this is your major access control.

Placing the VPN on a special subnet is a great idea as you can enforce special
rules and extra logging.

Making an Acceptable Use Policy (AUP), posting it and informing the user
community that it will be monitored and enforced is the first step.
As they are only paper -- they have to be enforced to have any real teeth.

something like this
Code:
ISP --- perimeter firewall --- major router --- switch --- infrastructure users
                                        |
                                        |port fwd vpn ports
                                        |
                                        V
                                     minor switch --- VPN services --- vpn users
will give you access control and auditing
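
An added example, not part of the reply above: one way to get the auditing it describes on a private VPN subnet is to join VPN login records against firewall records by source IP and time, so each connection is attributed to an authenticated user. The log formats, the 10.20.0.0/24 range and all names are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: the VPN subnet uses this private range (constructed for the example).
VPN_SUBNET = ip_network("10.20.0.0/24")

# Constructed VPN authentication log: timestamp, event, user, assigned private IP.
VPN_LOG = """\
2024-03-04T08:00:05 LOGIN alice 10.20.0.15
2024-03-04T08:45:10 LOGOUT alice 10.20.0.15
2024-03-04T09:00:00 LOGIN bob 10.20.0.15
2024-03-04T09:30:00 LOGIN carol 10.20.0.16
"""

# Constructed firewall log: timestamp, source IP, destination host.
FW_LOG = """\
2024-03-04T08:10:00 10.20.0.15 example.org
2024-03-04T08:50:00 10.20.0.15 example.net
2024-03-04T09:05:00 10.20.0.15 example.com
2024-03-04T09:40:00 10.20.0.16 example.org
2024-03-04T09:41:00 192.0.2.7 example.org
"""

def build_sessions(vpn_log):
    """Return {ip: [(start, end_or_None, user), ...]} from LOGIN/LOGOUT events."""
    sessions = {}
    for line in vpn_log.splitlines():
        ts, event, user, ip = line.split()
        when = datetime.fromisoformat(ts)
        spans = sessions.setdefault(ip, [])
        if event == "LOGIN":
            spans.append((when, None, user))
        elif event == "LOGOUT" and spans and spans[-1][1] is None and spans[-1][2] == user:
            spans[-1] = (spans[-1][0], when, user)  # close the open session
    return sessions

def attribute(fw_log, sessions):
    """Label each firewall record with the user who held the source IP at that time."""
    out = []
    for line in fw_log.splitlines():
        ts, src, dest = line.split()
        when = datetime.fromisoformat(ts)
        user = "unattributed" if ip_address(src) in VPN_SUBNET else "not-vpn"
        for start, end, name in sessions.get(src, []):
            if start <= when and (end is None or when < end):
                user = name  # the address is reused, so the time window decides
        out.append((ts, src, dest, user))
    return out
```

The 08:50 record falls between two leases of the same address and comes back as "unattributed", which is the case an auditor would want flagged instead of guessed.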