Question : Network setup, your opinion

Our current network setup consists of 3 networks: DMZ, Staff, and Student. During the school year, if we want to train staff in our computer labs (which are on the Student network), we generally have to change the machines over to the Staff net (which entails disjoining and joining, changing switch ports to get the proper IP, etc.). It is a hassle, to say the least. The thought this year was to have one network, but a concern has been raised about security: ensuring that students do not have access to staff files. I was looking for your opinion on this. Are Windows permissions sufficient? How do other school IT folks using Windows infrastructure have their networks set up, etc.?
Thank you

Answer : Network setup, your opinion

you said:
"I have setup the openVPN server and It is working fine in all the way. "

It is the same configuration. There is one line in that file; you just need to search for the word "7505".

This is the line I have on one server, at /etc/openvpn/server.conf
# Enable the management interface
management 0.0.0.0 7505

HOWEVER, there is a good reason why you should bind your management port to the localhost IP (127.0.0.1): THERE IS NO AUTHENTICATION YET.

Please read this:
"The management protocol is currently cleartext without an explicit security
layer.  For this reason, it is recommended that the management interface
either listen on localhost (127.0.0.1) or on the local VPN address.  It's
possible to remotely connect to the management interface over the VPN
itself, though some capabilities will be limited in this mode, such as the
ability to provide private key passwords."

"Future versions of the management interface may allow out-of-band
connections (i.e. not over the VPN) and secured with SSL/TLS."

-----
Hope that helps
Gabriel
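
A check for the binding concern raised in this answer, as an added example that is not part of the original post: it scans OpenVPN configuration text for `management` directives and classifies where each one listens. The function names, verdict labels and sample configuration are constructed for illustration; only the `management 0.0.0.0 7505` line comes from the answer.

```python
import ipaddress

# Constructed sample config; the management line is the one quoted in the answer.
SAMPLE_CONF = """\
port 1194
proto udp
;management 127.0.0.1 7505
# Enable the management interface
management 0.0.0.0 7505
"""


def classify(bind, port):
    """Classify a management bind target (verdict labels are hypothetical)."""
    if port == "unix":
        return "unix-socket"            # filesystem permissions apply, no TCP listener
    try:
        addr = ipaddress.ip_address(bind)
    except ValueError:
        return "review"                 # hostname or keyword: resolve by hand
    if addr.is_loopback:
        return "loopback"               # recommended by the quoted documentation
    if addr.is_unspecified:
        return "exposed-all-interfaces" # 0.0.0.0 or :: listens on every interface
    return "review"                     # acceptable only if it is the local VPN address


def audit_management(conf_text):
    """Return (line_no, bind, port, verdict) for every active management directive."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Lines starting with '#' or ';' are comments in OpenVPN config files.
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] != "management" or len(fields) < 3:
            continue
        bind, port = fields[1], fields[2]
        findings.append((line_no, bind, port, classify(bind, port)))
    return findings


if __name__ == "__main__":
    for line_no, bind, port, verdict in audit_management(SAMPLE_CONF):
        print(f"line {line_no}: management {bind} {port} -> {verdict}")
```
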