I would do some research on how this is done in university dorms and such. 
Search on "ResNet" - the usual term for that type of setup.

Thanks,
Brian Desmond
[email protected] 

w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Charlie Kaiser [mailto:[email protected]] 
Sent: Thursday, January 31, 2013 8:38 AM
To: NT System Admin Issues
Subject: Multi-tenant campus security

Hi all. Working with a client that runs a variety of real estate locations, 
leasing space to tenants. Locations are large. The new one that's being built 
out covers close to 50 acres. There will be a bunch of tenants, ranging from 
small (2-10) to large (1,000-2,000) users per tenant.
Building management will be providing networking as a service, with Avaya 
phones, IP, and internet for clients. All clients will be logically isolated 
from all others but will be on the same switch fabric and use the same internet 
pipe.

I lose sleep over these types of implementations. I seem to be the only one who 
is highly concerned about security threats. We have some very good networking 
guys doing the routing/switching/firewall stuff, but there are still obviously 
significant security concerns. It's trivial for a tenant on the inside to set 
up bad guy stuff and start pounding on the internal network. The Cisco guys are 
much more focused on outside-to-inside security.

I'm looking for good info on internal networking security in this sort of 
implementation. My google-fu isn't working. Most of the multi-tenancy stuff I'm 
finding is geared towards virtualization, cloud services, and the like.

My AOO will include providing DHCP for the VoIP phone system and all the data 
VLANs. I also need to advise on internal security and isolation. So I'm trying 
to find good resources on those sorts of things. I'm also thinking we should 
have some sort of IDS/IPS on the internal network to stop or at least flag the 
internal hacker. Any recommendations along those lines?

One more thing if that's not enough... As management is selling per-port 
networking services, is there any way to identify or prevent someone from 
plugging in a router inside their subnet and adding ports?

TIA

***********************
Charlie Kaiser
[email protected]
Kingman, AZ
***********************
