
Design, implementation and security of a typical educational laboratory computer network

Author

Listed:
  • Martin Pokorný

    (Department of Informatics, Mendel University in Brno, Zemědělská 1, 613 00, Brno, Czech Republic)

  • Petr Zach

    (Department of Informatics, Mendel University in Brno, Zemědělská 1, 613 00, Brno, Czech Republic)

Abstract

A computer network used for laboratory training and for different types of network and security experiments represents a special environment where hazardous activities take place, which may not affect any production system or network. It is common that students need to have administrator privileges in this case, which makes the overall security and maintenance of such a network a difficult task. We present our solution, which has proved its usability for more than three years. First of all, four user requirements on the laboratory network are defined (access to educational network devices, to laboratory services, to the Internet, and administrator privileges on the end hosts), and four essential security rules are stipulated (enforceable end host security, controlled network access, level of network access according to the user privilege level, and rules for hazardous experiments), which protect the rest of the laboratory infrastructure as well as the outer university network and the Internet. The main part of the paper is dedicated to the design and implementation of these usability and security rules. We present a physical diagram of a typical laboratory network based on multiple circuits connecting end hosts to different networks, and a layout of rack devices. After that, a topological diagram of the network is described, which is based on different VLANs and port-based access control using IEEE 802.1X/EAP-TLS/RADIUS authentication to achieve a defined level of network access. In the second part of the paper, the latest innovation of our network is presented, which covers a transition to system virtualization at the end host devices; the inspiration came from a similar solution deployed at the Department of Telecommunications at Brno University of Technology. This improvement enables greater flexibility in end host maintenance and simultaneous network access to the educational devices as well as to the Internet. In the end, a vision of a system for virtual machine preparation and automated deployment tailored to our needs is briefly outlined.

Suggested Citation

  • Martin Pokorný & Petr Zach, 2013. "Design, implementation and security of a typical educational laboratory computer network," Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis, Mendel University Press, vol. 61(4), pages 1077-1087.
  • Handle: RePEc:mup:actaun:actaun_2013061041077
    DOI: 10.11118/actaun201361041077

    Download full text from publisher

    File URL: http://acta.mendelu.cz/doi/10.11118/actaun201361041077.html
    Download Restriction: free of charge

    File URL: http://acta.mendelu.cz/doi/10.11118/actaun201361041077.pdf
    Download Restriction: free of charge




    Cited by:

    1. Petr Zach & Martin Pokorný & Jiří Balej & Michal Šturma, 2015. "Controlling Multiple Virtual Machines in Computer Classrooms," Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis, Mendel University Press, vol. 63(2), pages 683-691.
