What does this mean? This means that while there is a WAN in place, users in one school cannot access file servers, printers, financial services, or any other service that may be connected to the WAN.
In summary, the recommended improvements to the District Wide Area Network are:
•Install a fibre line from Central Office to the Notre Dame Elementary School;
•The Mackenzie River and St. Dominic Elementary Schools should be connected to the Assumption Jr/Sr High School, not DSI;
•The connection from Bonnyville to Cold Lake should be to the Assumption Jr/Sr High School, not DSI;
•Install Ethernet (10base2) outside cable from Assumption Jr/Sr High School to the Deputy Superintendent’s Office; and
•Install a Firewall between the Assumption Jr/Sr High School and the DSI for the Internet uplink.
13.1 Firewalls
Internet access to schools has become a priority in recent years. There are many incredible uses and applications for the Internet in schools. However, these developments also come with drawbacks. One of them is security. If your schools are able to get out into the Internet, then theoretically the Internet can get back
in. Which means that it is possible for users outside to access information that should be unavailable to them. This can create many potential problems. It is conceivable that student records and financial data can be accessed from outside the District by unauthorized persons.
In order to prevent these unwanted actions, a product called a firewall is installed. Essentially, a firewall allows users inside the network to see the outside world, but the outside world can’t see into the network. Firewalls can be relatively inex- pensive, but also very costly. They can be a piece of software installed onto a com- puter, or they can be a standalone box or appliance. Regardless, they all attempt to do the same thing, prevent unwanted outside user activity.
Satellite systems are said to be very safe, because the only data that is allowed in, is data that is requested previously by a user. However, most people don’t realize that the uplink to the satellite is extremely vulnerable, and the uplink works both ways. This uplink can be a direct telephone line into an ISP, or it can
be some other connectivity to the ISP itself.
In the District, the uplink is a direct network connection to DSI in Cold Lake. THERE IS NO FIREWALL OR PROTECTION OF ANY SORT PREVENTING DATA ACCESS FROM
Why is this important? Without all three, you cannot have e-mail, as your com- puter cannot see a central e-mail server that is not in the school. If you have all three, the SASI system could talk to itself and exchange data automatically, on-the fly, at any time without changing disks or CDs. The ATHENA library system could talk to all other sites. (Which would allow users in any school, to look up and re- quest books from any other school) Servers at remote sites could be remotely ad- ministered by technical staff from any other site.
In the District, the computer systems are setup to only receive the IP address, and not the subnet mask, or the default gateway. In order for the District to maximize the use of their WAN, these must be changed. After all, a WAN becomes much more valuable when it is used for more than just Internet access.
Recommendations:
1. Notre Dame Elementary WAN connection should be changed to a buried fibre optic cable. This will allow for cheaper, cleaner, faster, and better network connec- tivity.
2. Serious investigation should be undertaken to determine the potential of a wire- less network connection between Bonnyville and Cold Lake. There is a potential major cost savings on an ongoing basis.
3. Assumption School should become the hub school for the Cold Lake schools. The connection from Central Office in Bonnyville should terminate at the school, and all other schools should connect wirelessly to Assumption. DSI should be used strictly for the Internet uplink, and a firewall should be installed between Assumption and DSI to prevent unwanted visitors and traffic on the WAN
4. The District should recognize that their Internet connection, while stable, is only 400Kb/s and cannot be upgraded. other technologies may have to be looked at in the near future.
5. All TCP/IP addressing must be updated to include IP address, subnet mask, and a default gateway to allow better use of the WAN.
!
111