University department network configuration help.
Posted on 2005-04-20
Hi everyone. Once again I am requesting help here to get a project done that was assigned to me. I hope I can get some good feedback as in the past to start working on the assignment. I will explain the current setup in the simplest possible way and the requirements at the end of the message:
I work for a department in a college where the campus is an entire building (in NY).
My department has offices on the 3rd and 9th floors.
The main college IT department has control over the wires, routers, DNS, DHCP and SMTP for the entire building.
Our main department has offices on the 9th floor, where we set up a subdomain using Microsoft Active Directory. We run MS Exchange 2003 and Windows Server 2003 and have a whole bunch of web servers.
Our department has just under 300 workstations.
We have 2 DNS servers to help with name resolution in our department. These DNS servers forward requests to the main college DNS as well, but serve our purpose of internal name resolution within our subdomain fine.
We have set up 2 VPN servers on 2 separate Windows Server 2003 machines to access our internal subnet from outside and use MS Exchange; we are also testing RPC over HTTP.
Our subnet, and thus our entire network, is outside the DMZ. The college IT department has allowed our servers to be in the open because we manage our own security.
The 3rd floor offices connect to our servers on the 9th floor by using VPN as well, because the 3rd floor is within the college firewall and inter-floor communication is blocked due to the Nimda virus and all the other worms that came out last year. Port 135 is definitely blocked and will not be opened by the college IT department by any means.
1) The 3rd floor computers keep disconnecting all the time, and access to files, databases, the Exchange server, etc. is interrupted throughout the day. This causes major conflicts and loss of data very frequently.
2) Because we do not manage our own DHCP, we cannot control the use of laptops in the department. People come to the laboratories with their home laptops and download all kinds of junk (porn, mp3, videos, games, etc.).
3) Since it is very easy to install a wireless router, most lab people have purchased these and plug them into an RJ45 jack to begin IP distribution to all wireless users who pick up the signal.
1) We need to implement a steadier solution for the 3rd floor offices to connect to our network. What do you suggest?
2) We need to find a way to control the network use of users who come in and plug in their laptops.
3) We need to implement an authentication scheme to control the use of wireless clients who are not authorized by us. I am thinking about using smart cards or 802.1X-type authentication. We could go to all the labs and set up passwords and WEP on all devices, but it would be nice to have a centralized authentication setup in the domain using some type of GPO.
4) We need to implement an authentication scheme to control the use of laptop users who bring computers from home. I am thinking the same as in No. 3 above, but I just need some help in determining whether this is the best solution and how we could implement it.
You have to take the following into consideration before you post your suggestions:
The college IT department WILL NOT help us in any way. They will not give us control of DHCP, which would be useful to control IP addresses by MAC address.
The college IT department WILL NOT configure routers in any way to accommodate any request from us. We are on our own, and these are the only tools we have.
I have not read much about these topics because I would like to get some ideas from any of you who are willing to help me with this before I begin my search. I can then read your reference guides or get more information on any lead you can provide.
Thank you for your help.
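One way to spot the home wireless routers described in problem 3 above (they act as DHCP servers on the department LAN and hand out addresses to anyone who plugs in) is to watch for DHCPOFFERs from any server other than the college's. The following is an added example, not code from the original post or from any product mentioned in it: it parses the BOOTP/DHCP wire format and flags offers whose server identifier (option 54) is not on an allowlist. The authorised server address 10.0.0.1, the consumer-router address 192.168.1.1, the client MAC and the sample packets are constructed placeholders, not values from the post. To run it against live traffic you would feed it the UDP payloads captured on port 68 from a sniffer on the lab segment; the capture itself is not shown here.

```python
import struct
import ipaddress

# Assumed addresses of the authorised DHCP servers (placeholders, not from the post).
AUTHORISED_DHCP_SERVERS = {"10.0.0.1"}

BOOTP_FIXED_LEN = 236                 # op..file fields of a BOOTP/DHCP message
MAGIC_COOKIE = b"\x63\x82\x53\x63"    # marks the start of the DHCP option list
DHCPOFFER = 2                         # option 53 value for a DHCPOFFER
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LEASE_TIME, OPT_END, OPT_PAD = 53, 54, 51, 255, 0


def build_dhcp_offer(xid, client_mac, offered_ip, server_ip):
    """Construct a minimal DHCPOFFER (UDP payload only) for offline testing."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)   # op=BOOTREPLY, Ethernet, hlen 6
    header += ipaddress.IPv4Address("0.0.0.0").packed          # ciaddr
    header += ipaddress.IPv4Address(offered_ip).packed         # yiaddr
    header += ipaddress.IPv4Address(server_ip).packed          # siaddr
    header += ipaddress.IPv4Address("0.0.0.0").packed          # giaddr
    header += client_mac.ljust(16, b"\x00")                    # chaddr (16 bytes)
    header += b"\x00" * 64 + b"\x00" * 128                     # sname, file
    options = MAGIC_COOKIE
    options += bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    options += bytes([OPT_LEASE_TIME, 4]) + struct.pack("!I", 86400)
    options += bytes([OPT_END])
    return header + options


def parse_dhcp(payload):
    """Parse the BOOTP header and the DHCP option list into a dict."""
    if len(payload) < BOOTP_FIXED_LEN + len(MAGIC_COOKIE):
        raise ValueError("too short to be a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                 # single-byte padding, no length field
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "chaddr": payload[28:28 + hlen].hex(":"),
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "siaddr": str(ipaddress.IPv4Address(payload[20:24])),
        "options": options,
    }


def find_rogue_offers(payloads, authorised=AUTHORISED_DHCP_SERVERS):
    """Return (server_id, xid, offered_ip) for every DHCPOFFER from an unknown server."""
    rogue = []
    for payload in payloads:
        msg = parse_dhcp(payload)
        opts = msg["options"]
        if opts.get(OPT_MSG_TYPE, b"\x00")[0] != DHCPOFFER:
            continue
        # Prefer option 54; fall back to siaddr if a server omits it.
        if OPT_SERVER_ID in opts:
            server_id = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))
        else:
            server_id = msg["siaddr"]
        if server_id not in authorised:
            rogue.append((server_id, msg["xid"], msg["yiaddr"]))
    return rogue


# Constructed sample traffic: one offer from the authorised server, one from a home
# router plugged into a lab jack (192.168.1.1 is an assumed consumer-router address).
SAMPLE_OFFERS = [
    build_dhcp_offer(0x1234, bytes.fromhex("001122334455"), "10.0.5.20", "10.0.0.1"),
    build_dhcp_offer(0x1235, bytes.fromhex("001122334455"), "192.168.1.100", "192.168.1.1"),
]

if __name__ == "__main__":
    for server, xid, offered in find_rogue_offers(SAMPLE_OFFERS):
        print(f"ROGUE DHCP server {server} offered {offered} (xid 0x{xid:08x})")
```

The check keys on the server identifier rather than on the source IP of the packet because a rogue router that relays or spoofs can still be identified by the address it asks clients to renew with; the fallback to siaddr covers servers that omit option 54 entirely.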