Acta Univ. Agric. Silvic. Mendelianae Brun. 2013, 61(4), 1077-1087 | DOI: 10.11118/actaun201361041077

Design, implementation and security of a typical educational laboratory computer network

Martin Pokorný, Petr Zach
Department of Informatics, Mendel University in Brno, Zemědělská 1, 613 00, Brno, Czech Republic

A computer network used for laboratory training and for various kinds of network and security experiments is a special environment in which hazardous activities take place, and these must not affect any production system or network. Students commonly need administrator privileges in this setting, which makes the overall security and maintenance of such a network a difficult task. We present our solution, which has proved its usability for more than three years. First, four user requirements on the laboratory network are defined (access to the educational network devices, to the laboratory services, to the Internet, and administrator privileges on the end hosts), and four essential security rules are stipulated (enforceable end-host security, controlled network access, a level of network access matching the user's privilege level, and rules for hazardous experiments), which protect the rest of the laboratory infrastructure as well as the outer university network and the Internet. The main part of the paper is dedicated to the design and implementation of these usability and security rules. We present a physical diagram of a typical laboratory network based on multiple circuits connecting the end hosts to different networks, and a layout of the rack devices. After that, a topological diagram of the network is described, based on separate VLANs and on port-based access control using IEEE 802.1X/EAP-TLS/RADIUS authentication to achieve the defined level of network access. In the second part of the paper, the latest innovation of our network is presented: a transition to system virtualization on the end-host devices, inspired by a similar solution deployed at the Department of Telecommunications at Brno University of Technology. This improvement gives greater flexibility in end-host maintenance and allows simultaneous network access to the educational devices as well as to the Internet.
Finally, a vision of a system for preparing virtual machines and deploying them automatically, tailored to our needs, is briefly outlined.
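As an added illustration of the "level of network access according to the user privilege level" rule described above, the following Python model (not the paper's code; the authors' actual RADIUS configuration is not shown on this page) sketches the authorization step that follows a successful EAP-TLS exchange: the role carried in the client certificate is mapped to a VLAN, which the RADIUS server returns to the switch as RFC 3580 tunnel attributes so that the port is opened only at the matching access level. The issuer name, role names, VLAN numbers and the revoked-serial set are constructed assumptions, and the page does not state whether the authors assign VLANs dynamically in this way.

```python
"""Illustrative RADIUS authorization policy for an 802.1X/EAP-TLS laboratory
network: the identity proven by the client certificate is mapped to a VLAN, so
the access level of a switch port follows the user's privilege level.

Added example, not code from the paper or its authors. Assumptions: the role is
carried in the certificate's OU field, the VLAN numbers and role names are
constructed, and the switch honours RFC 3580 tunnel attributes in the
Access-Accept (dynamic VLAN assignment).
"""
import struct

# RADIUS attribute types and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE_802 = 6

# Constructed policy: certificate OU (role) -> VLAN id.
LAB_CA = "CN=Lab Network CA"        # constructed issuer name of the lab PKI
VLAN_BY_ROLE = {
    "student": 20,     # educational devices and laboratory services only
    "lab-admin": 30,   # full access including device management
}
REVOKED_SERIALS = {"0x1f3a"}        # constructed; stands in for a CRL lookup


def encode_avp(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding of one RADIUS attribute (RFC 2865, section 5)."""
    if len(value) > 253:               # length octet covers type+length+value, max 255
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def tunnel_int(attr_type: int, value: int) -> bytes:
    """Tagged integer tunnel attribute: 1-byte tag (0 = untagged) + 3-byte value."""
    return encode_avp(attr_type, b"\x00" + struct.pack("!I", value)[1:])


def vlan_attributes(vlan_id: int) -> bytes:
    """The three attributes a switch needs to place the port into vlan_id."""
    return (
        tunnel_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
        + tunnel_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
        + encode_avp(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + str(vlan_id).encode())
    )


def authorize(cert: dict) -> dict:
    """Decide on a port after EAP-TLS succeeded. `cert` is the parsed client
    certificate as a constructed dict: issuer, serial and subject fields."""
    if cert.get("issuer") != LAB_CA:
        return {"code": "Access-Reject", "reason": "untrusted issuer"}
    if cert.get("serial") in REVOKED_SERIALS:
        return {"code": "Access-Reject", "reason": "certificate revoked"}
    role = cert.get("subject", {}).get("OU")
    vlan = VLAN_BY_ROLE.get(role)
    if vlan is None:
        # Unknown role: the port stays closed rather than landing in a default VLAN.
        return {"code": "Access-Reject", "reason": f"no VLAN for role {role!r}"}
    return {"code": "Access-Accept", "vlan": vlan, "attributes": vlan_attributes(vlan)}


def decode_avps(blob: bytes) -> list:
    """Parse a TLV blob back into (type, value) pairs, rejecting malformed lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        out.append((attr_type, blob[i + 2:i + length]))
        i += length
    return out


if __name__ == "__main__":
    student = {"issuer": LAB_CA, "serial": "0x10",
               "subject": {"CN": "xnovak", "OU": "student"}}
    print(authorize(student))
```

The point of the model is the default: a certificate from the wrong CA, a revoked certificate, or a role with no VLAN mapping all yield Access-Reject, so a port never opens at a higher level than the policy grants, which is what the "controlled network access" rule requires.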

Keywords: computer networks, network security, education, laboratory network, operating system virtualization
Grants and funding:

The equipment of the Laboratory of Computer Networking at the Department of Informatics, FBE MENDELU, was funded by the following projects: FRVŠ 1756/2011/A/b, Rozvoj laboratoře pro výuku předmětů se zaměřením na počítačové sítě a operační systémy (Development of a laboratory for teaching courses focused on computer networks and operating systems); FRVŠ 2578/2009/A/b, Vybavení laboratoře pro výuku předmětů se zaměřením na operační systémy a počítačové sítě (Equipping a laboratory for teaching courses focused on operating systems and computer networks); FRVŠ 2639/2007/F1/a, Inovace praktické náplně předmětu Počítačové sítě a předmětů souvisejících (Innovation of the practical content of the Computer Networks course and related courses); FRVŠ 743/2007/F1/a, Inovace předmětu Bezpečnost informačních systémů (Innovation of the Information Systems Security course); and from departmental funding.

Received: March 4, 2013; Published: July 13, 2013


This is an open access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY NC ND 4.0), which permits non-commercial use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.