What is the most sensible and non expensive way to separate the student and teachers areas of a secondary school LAN
Here in Norway, the school authorities recommend that we use two separate networks for students and teachers.
But is that really necessary?
Isn't it enough with a single 2003 server domain, well set up group policies and permissions? A password on the bios. Use a group policy to force student PCs to log onto the domain. (although I'm not sure how to hinder student access at the dos level)
We have a small school with only 35 computers. Both students and teachers need access to the internet from one broadband connection.
Since we are not running any web or email servers out to the public internet, is it really necessary to buy a hardware firewall? They are so expensive. We just have a basic NAT broadband modem.
If we have two separate networks, then as far as I understand, we will need 2 servers instead of one, and a hardware firewall with 2 or 3 legs to separate the two networks whilst giving both access to the internet. All of this is going to be much more expensive!!
What do you guys do in other SMALL schools???
I would really value some well informed advice on how to set it up, from those of you in the know.
But is that really necessary?
Isn't it enough with a single 2003 server domain, well set up group policies and permissions? A password on the bios. Use a group policy to force student PCs to log onto the domain. (although I'm not sure how to hinder student access at the dos level)
We have a small school with only 35 computers. Both students and teachers need access to the internet from one broadband connection.
Since we are not running any web or email servers out to the public internet, is it really necessary to buy a hardware firewall? They are so expensive. We just have a basic NAT broadband modem.
If we have two separate networks, then as far as I understand, we will need 2 servers instead of one, and a hardware firewall with 2 or 3 legs to separate the two networks whilst giving both access to the internet. All of this is going to be much more expensive!!
What do you guys do in other SMALL schools???
I would really value some well informed advice on how to set it up, from those of you in the know.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It is not necessary to have an expensive hardware firewall: use a cheap PC with two NICs and install Smoothwall on it. It is really simple to set up even if you don't know anything about Linux, free (and Open Source) and has a great documentation.
http://www.smoothwall.org/
http://www.smoothwall.org/
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Isn't a single 2003 domain, with one subnet, secure enough to stop secondary students gaining access to teacher computers.
And do we really need an expensive hardware firewall when we have no web server or mail server? (I have used Zonealarm, Adaware, Winpatrol, etc..... ) But only Winpatrol is free for use in a school setting.