internal security domains

Russell Fulton r.fulton at
Wed Sep 24 23:36:34 GMT 2003

Hi Folks,
We are currently looking at developing some 'generic' mechanisms for
partitioning our internal networks into security domains, rather than
dealing with each case as it arises on an ad-hoc basis.

There are some obvious strategies involving VLANs, firewalls etc, but
what I am really interested in is if anyone else has come up with a good
set of tools (commercial or free) that they automatically reach for when
the need arises.  

Of course having a basic strategy worked out does not mean that one can
avoid the preliminary analysis, so one needs to be very clear about
exactly what one is trying to achieve with the segregation and why.

The sorts of problems we are trying to address are:

      * Protecting the 'business infrastructure'.
      * Protecting critical 'commercially orientated' research
      * Managing interconnection between partner's high speed (Gbit)
        networks -- we are developing a technology park at one of our
      * Managing connections to commodity Internet as well as national
        GB research network.

Any thoughts welcome!

Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
