Design, implementation and security of a typical educational laboratory computer network
Martin Pokorný and Petr Zach
Additional contact information
Martin Pokorný: Department of Informatics, Mendel University in Brno, Zemědělská 1, 613 00, Brno, Czech Republic
Petr Zach: Department of Informatics, Mendel University in Brno, Zemědělská 1, 613 00, Brno, Czech Republic
Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis, 2013, vol. 61, issue 4, 1077-1087
Abstract:
A computer network used for laboratory training and for different types of network and security experiments represents a special environment where hazardous activities take place, which must not affect any production system or network. Students commonly need administrator privileges in this case, which makes the overall security and maintenance of such a network a difficult task. We present our solution, which has proved its usability for more than three years. First of all, four user requirements on the laboratory network are defined (access to educational network devices, to laboratory services, to the Internet, and administrator privileges on the end hosts), and four essential security rules are stipulated (enforceable end host security, controlled network access, level of network access according to the user privilege level, and rules for hazardous experiments), which protect the rest of the laboratory infrastructure as well as the outer university network and the Internet. The main part of the paper is dedicated to the design and implementation of these usability and security rules. We present a physical diagram of a typical laboratory network based on multiple circuits connecting end hosts to different networks, and a layout of rack devices. After that, a topological diagram of the network is described, which is based on different VLANs and port-based access control using IEEE 802.1X/EAP-TLS/RADIUS authentication to achieve a defined level of network access. In the second part of the paper, the latest innovation of our network is presented, which covers a transition to system virtualization at the end host devices; the inspiration came from a similar solution deployed at the Department of Telecommunications at Brno University of Technology. This improvement enables greater flexibility in end host maintenance and simultaneous network access to the educational devices as well as to the Internet. In the end, a vision of a system for virtual machine preparation and automated deployment tailored for our needs is briefly outlined.
Keywords: computer networks; network security; education; laboratory network; operating system virtualization
Date: 2013
Downloads:
http://acta.mendelu.cz/doi/10.11118/actaun201361041077.html (text/html)
http://acta.mendelu.cz/doi/10.11118/actaun201361041077.pdf (application/pdf)
free of charge
Persistent link: https://EconPapers.repec.org/RePEc:mup:actaun:actaun_2013061041077
DOI: 10.11118/actaun201361041077
Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis is currently edited by Markéta Havlásková
Bibliographic data for series maintained by Ivo Andrle.