If we attempted to provide secure network access with the previous NICE, each laboratory, etc. would be required to install a firewall to connect to the Internet. Secure NICE uses the structure described below and it enables users to use firewalls installed by NICE.
There are other advantages for users so that the various operations necessary for establishing a new laboratory network, such as obtaining addresses and granting them to each piece of equipment as well as router configuration, are no longer necessary and users can start using the network simply by connecting computers to the information sockets.
The following figure is an outline of the Secure NICE system.
Structure of Secure NICE
Secure NICE does not require physical rewiring of the network. It configures information sockets that have been installed in laboratories, etc. as sockets for Secure NICE and uses them as a private network. When communicating with the regular NICE server or the Internet, it communicates via a firewall, DHCP and NAT server that are prepared by NICE.
When a computer, etc. is connected to an information socket that is configured for Secure NICE, the DHCP server that is installed in the Information Technology Center automatically assigns a private IP address. When accessing another computer in NICE or the external Internet from said computer, it will access them via the NAT server and firewall of the Information Technology Center.
Unlike the current method with NICE where a global IP address is assigned directly to each computer, a computer holding a private IP address cannot communicate directly with an external network under the Secure NICE system. When the computer in question requests outside access, the NAT server automatically converts its private IP address to a global IP address to enable the communication. On the contrary, however, it does not usually allow a network holding a global IP address to communicate with a computer holding a private IP address.
This structure is suitable for connecting computers in a laboratory to the outside, when the computers are used only as clients, for example for browsing websites, sending and receiving email, etc. Access from the outside is interrupted by a firewall or the NAT server to prevent the computers on the private network from being accessed from the outside, leading to improved safety. On the other hand, since this system does not allow access from outside to inside, it is not suitable for installing computers to receive access from the outside, such as from a web server or mail server.
Advantages of Using Secure NICE
Here is a summary of the advantages of using Secure Nice.
- A private IP address is used for the laboratory so that there is no chance of being attacked directly from the outside, for example by a worm.
- It is not necessary for individuals or laboratories to purchase a router or firewall. The ones provided by Secure NICE perform better than those that the laboratory can purchase.
- Private addresses are assigned dynamically by the DHCP server. Therefore, it is not necessary to obtain global IP address in advance and it is easy to configure computers, etc.