WIth events such as the recent SQL Slammer worm, security has remained a major topic of discussion among networking technology experts.
But the IT director of one business school, HEC Montreal, freely admits that his organization relies mainly on the good old-fashioned user name and password
and doesn’t even use firewalls.
“”We have implemented security a bit differently than most private companies would do,”” said Paul Mireault, HEC Montreal’s director of technologies.
Instead of using a firewall, the school uses an access control list in order to prevent outside users from accessing important servers.
HEC (Ecole des hautes etudes commerciales of Montreal), which offers 31 undergraduate and graduate management study programs, has more than 8,000 ports in its buildings for students who need to plug in their notebook PCs. About 4,500 students have laptops.
Students who log in have access to the Internet, Mireault said, adding IT staff use intrusion detection to detect “”abnormal”” behaviour.
“”In a university environment, you have to balance ease of access with security,”” Mireault said. “”We’re not a high-tech company, where industrial espionage is an issue. We’re just a business school.””
DIVIDING THE NETWORK INTO SEGMENTS
HEC is in the process of implementing authenticated virtual local-area networking (VLAN) technology from Alcatel SA. School officials plan to set up a primary address server, which will identify users with permission to access certain machines. The VLAN is designed to divide the network into segments that correspond to each user’s access privileges.
The school also plans to upgrade its Alcatel core switches this summer, from the OmniCore 5052 to the OmniSwitch 7800.
The OmniSwitch 7800 is an 18-slot module chassis with a fabric capacity of 128 Gbps, whereas the OmniCore 5052 has a backplane capacity of 52 Gpbs.
A key feature of the 7800 is “”smart continuous switching,”” which is designed to switch the system over to a hot standby module if a management/fabric module fails. Alcatel states Level 2 and 3 traffic, including voice, will continue without interruption.
HEC plans to install three 7800s this summer — two in the main building and a third in the secondary campus. One of the 7800s will be used as a primary while the other will be on standby in case the primary fails.
The two OmniCore 5052s currently in use at the main campus are designed to be redundant, Mireault said.
“”All the nodes on our system have double roots, so if ever one machine goes down, we can still serve all our users.””
WHEN ALL 60 STUDENTS LOG ON AT THE SAME TIME
One of the reasons for the upgrade is to bring 10 Mbps of dedicated bandwidth to each port.
“”We have some areas where you have a classroom with 60 or 70 students and you want to have fast access to the Internet,”” Mireault said. “”At the moment, if they all press Enter at the same time, their bandwidth gets shared, a