Saturday, July 06, 2013

The FBK network



Carel Dulos Bs InfoTech 2-A
Mark Espanola Bs InfoTech 2-A
Kenn Sakakibara Bs InfoTech 2-A


The SIT provides users with different types of networks: trusted, untrusted and DMZ.
Systems on the trusted and untrusted networks can only be accessed from inside the networks themselves and cannot therefore provide external services. Any exceptions must be discussed with the System Administrators.

Trusted networks

Trusted networks are high‐security environments with direct access to all facilities for storage, calculations, printing, etc. This category includes the Ethernet network and the FBKWf WiFi network. In order to guarantee an adequate level of security, only centrally‐managed computers are authorised to connect to these networks directly.
Users are authenticated centrally on an LDAP server with their access credentials for the trusted networks.
These networks are accessible in two ways:
  • using Ethernet sockets located in any FBK office;
  • connecting to the wireless network FBKWf.
Every centrally-managed computer is configured to connect to these networks automatically, so no user intervention is required.

Untrusted networks

Untrusted networks are environments with a lower security level, with indirect access to facilities for storage, calculation and printing, etc. This category includes the FBKWfGuest WiFi network. This network can be accessed by all computers not managed centrally, whether privately owned or owned by the FBK, provided they comply with the minimum security measures indicated in Legislative Decree no. 196/03. Users are authenticated centrally on a RADIUS server solely for internet access, in compliance with Law no. 155 of 31 July 2005.
These networks are accessible by connecting wirelessly to GuestsFBK, in Open mode. To gain access to the Internet or to the trusted network, authentication on https://wfgate.fbk.eu is required. Access is granted on providing the user's credentials for the trusted networks or the user's credentials for the untrusted networks.

DMZ networks

Direct connection to the DMZ networks is restricted to servers that provide external services. In order to guarantee an adequate level of security, these networks may only be accessed by servers managed centrally by System Administrators and on which they are authorised to make changes that require Administrator or Root User privileges. Users who want to provide external services may ask the System Administrators to connect dedicated servers to the DMZ networks or request the use of shared resources.
The DMZ networks are not directly accessible from users' PCs.

