<mshines @ ia . purdue . edu> Michael S. Hines wrote:
>of the house, we are linking computers together over the same
>communications lines (fibre, copper, etc on ethernet, token ring, etc)
>using the same communications protocol (TCP/IP is becoming de facto
>standard). In this environment, we only want authorized users accessing
>the administrative applications (we hardly protect academic integrity if
>students can alter their grades and grant themselves degrees). In this
>case, we do want firewalls between the universe of users and the
>applications. In fact, what we want is two nets...an open net and a
>protected net running on the same infrastructure. The firewall is the
>classical answer to this need.
If you have a need for two different networks with two different purposes
(one - an open academic network for research, etc., the other an internal
production network for administrative systems and MIS) why not set them
up as different physical networks (with their own cables and fiber connections,
their own bridges and routers, etc.) and put a firewall between the two of
them???
$$$$$ of course :-)
But it seems logical (if expensive) to me. It is what I'd recommend if
asked to try to implement a network with two almost contradictory
missions. There are precedents for running parallel networks (e.g. a
hospital environment where you may have a need for a network with
real-time deterministic behaviour - such as a critical care patient
monitoring system - as well as a network for normal administrative
functions - billing, patient records, etc. In the case of a hospital both
would need to be very secure however!). I would hope that hospitals don't
skimp on the required equipment just because of costs...
- Morrow