Keeping a boys' school network free from internal and external intrusions is no mean feat, according to St Ignatius College manager of information services David Hayes. With 1535 students (345 of whom are boarders) and 260 staff at the school on Sydney's lower north shore, Hayes is realistic about the sort of IT security challenges teenage boys present.
"They love to experiment. At the moment thumb drives are a big problem, especially with sneakernet [swapping files using portable media]. [Thumb drives] are bootable, that's why we have to use edge control," Hayes says.
Hayes defines edge control as the ability to switch off or control user access at any given port on the network, a departure from the traditional method in which users plug into a port first and then authenticate their ID against a server.
"You can't do anything until you authenticate to that port – physically on the switch port," Hayes muses, noting that he has found attempts to set up unauthorised proxy servers in addition to the nearly ubiquitous enthusiasm among teenagers for P2P MP3 file-swapping systems.
"We use Check Point at the application layer to police [filesharing]… it comes up all the time," Hayes notes, adding that each student is given an allowance of 100MB a month for legitimate academic pursuits.
Despite what would appear to many to be a fertile environment for threat, Hayes says he had no qualms about rolling out wireless access on 802.11b for boarders as early as 2000, complemented by a dedicated VPN for day students and their parents to access course materials from home.
This included distributing the required software and licences to external users, who are required to abide by an appropriate use policy when logged in.
For the students, the VPN also means their parents can remotely check due dates for assignments and homework in real time, an innovation some students must surely feel they can live without.
The St Ignatius network consists of 45 servers running over a 1GB/sec Ethernet backbone with 100MB/sec switches to 500 desktops running Windows XP, Novell Netware 6.5 and Windows Server 2000.