Because of the potential security risks inherent in the networks unencrypted architecture; there is another kind of Firewall. These utilise a VPN within the Institutional Firewall that uses IPSEC data encryption, has the capability of keeping a security audit ie a log of connection requests (who, what, where and when); and also has the ability to use what is essentially a table of user access rights to LondonMet business applications, such as SITS the student record system application or finance applications.
This table holds for each ICT AccountID, amongst other things details of the user and what firewall groups they are a member of. This firewall grouping defines what applications they can use.
When a user attempts to login to the Internal Firewall via the Identity Management Service; in order to access a business application LDAP returns as part of its attributes the access permissions available to that user; and this determines whether the firewall blocks the login or allows it.
Note there is a bit of a duplication of effort happening here; in that MS ActiveDirectory also controls access to applications but it does so by restricting what icons appear on the Windows Desktop. This Internal Firewall access control ensures key MIS apps are protected when accessed from the intranet or from a non-MS PC.