Segmenting a Network

How to make your library’s network more secure for under $1000

Many libraries have this configuration:

This network setup allows public users to see all the staff PCs and servers, and increases the chances of staff computers being hacked or otherwise corrupted.

An inexpensive way to make the library’s staff network more secure is to divide the network into a staff segment and a public segment. The budget for this is usually about $200 – $750. Here is a list of the equipment you will likely need, if your current network configuration matches what I have described above:

– Small 4-port switch ($30 – $70)

– Second router ($50 – $150)

– Another large switch ($150 – $500 for 24 ports) to handle the new segment of computers

Using this equipment, your library’s network will be segmented like this:

Once you have purchased and physically installed this equipment, you will need to configure each router. Configuring routers is a subject we have covered in recent workshops, and there is really no way to cover it in a short article. However, below are the basics. Your actual numbers will be different, depending on the size of your library and how your current router is configured.

Router #1

(connected to Modem, serves both public and staff)

SSID:  Sample Public Library

Network number (WAN address): XXX.XXX.XXX.XXX (you get this from your ISP, internet service provider)

Subnet mask: 255.255.255.0

Router IP address (LAN address): 192.168.1.1

DHCP range: 192.168.1.50 – 192.168.1.100

All the Public PCs will get IP addresses that look like this: 192.168.1.X, where X is a number from 50 to 100. Printers and router #2 will be assigned static IP addresses that are outside of the DHCP range.

Router #2

(connected to switch that is connected to a port on Router #1, serves only the library STAFF)

SSID: Sample Public Library Staff

Network number (WAN address): 192.168.1.2 (a static IP address, outside of the DHCP range of Router #1)

Subnet Mask: 255.255.255.0

Router IP address (LAN address): 192.168.2.1

DHCP range: 192.168.2.50 – 192.168.2.100

All the Staff PCs will get IP addresses that look like this: 192.168.2.X, where X is a number from 50 to 100. Staff printers and servers will be assigned static IP addresses that are outside of the DHCP range.
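
Before typing your own numbers into the two routers, you can sanity-check the addressing plan: the two LANs must not overlap, and every static address (including Router #2's WAN address) must sit on the right LAN and outside the DHCP range. The script below is an added example, not part of the original article; the printer and server addresses are constructed, and the dictionary layout and function names are this example's own.

```python
import ipaddress

# Router values are the article's; the "static" entries are constructed examples.
ROUTER1 = {"lan_ip": "192.168.1.1", "mask": "255.255.255.0",
           "dhcp": ("192.168.1.50", "192.168.1.100"),
           "static": {"public printer": "192.168.1.10"}}
ROUTER2 = {"wan_ip": "192.168.1.2", "lan_ip": "192.168.2.1",
           "mask": "255.255.255.0",
           "dhcp": ("192.168.2.50", "192.168.2.100"),
           "static": {"staff printer": "192.168.2.10",
                      "staff server": "192.168.2.20"}}


def lan_of(router):
    """Network described by a router's LAN address and subnet mask."""
    return ipaddress.ip_network(f"{router['lan_ip']}/{router['mask']}", strict=False)


def check_plan(r1, r2):
    """Return a list of problems in a two-router (public/staff) addressing plan."""
    problems = []
    if lan_of(r1).overlaps(lan_of(r2)):
        problems.append("public and staff LANs overlap")
    # Router #2's WAN port is just another static device on Router #1's LAN.
    r1_static = {**r1["static"], "Router #2 WAN": r2["wan_ip"]}
    for name, router, static in (("Router #1", r1, r1_static),
                                 ("Router #2", r2, r2["static"])):
        lan = lan_of(router)
        lo, hi = (ipaddress.ip_address(a) for a in router["dhcp"])
        if lo > hi or lo not in lan or hi not in lan:
            problems.append(f"{name}: DHCP range is not inside {lan}")
        seen = {ipaddress.ip_address(router["lan_ip"]): f"{name} LAN address"}
        for label, addr in static.items():
            ip = ipaddress.ip_address(addr)
            if ip not in lan:
                problems.append(f"{label}: {ip} is not on {lan}")
            elif lo <= ip <= hi:
                problems.append(f"{label}: {ip} is inside the DHCP range")
            if ip in seen:
                problems.append(f"{label}: {ip} duplicates {seen[ip]}")
            seen[ip] = label
    return problems


if __name__ == "__main__":
    for line in check_plan(ROUTER1, ROUTER2) or ["plan is consistent"]:
        print(line)
```

Replace the values in `ROUTER1` and `ROUTER2` with your library's own numbers; an empty result means the plan is internally consistent.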