Hi Kurt,
I'd need to know more about your security goals/threat model. no problem I will try to give you as much information as you need.
Are you worried about people breaking in via the internet? Well not only people but also automated tools, trojans, worms, virii and so on.
Are you worried about kids beaking out and causing grief for others online? Not really, because we are a business school, and the people who know how computers work and how to use them creative are very few. But sometimes you have to protect the people from themselves. I mean, we don't want to have our systems infected by a virus just because someone opened a .exe file from his webmail account and didn't know, why he shouldn't double-click on things he doesn't know.
I assume (well hope) that the school administrative network (i.e. grades/etc) is seperate, or is it part of this network? No, it is seperated and we have no permission to change the layout of that network. Only the network that is usable by the pupils in the computer rooms. (The teachers network and the school administrative network are seperated, but get the internet connection over the same router. The router is not configured by us, but by our ISP.)
What are the desktops running? The desktops will run Win 2000 as operating system. We will use the Internet Explorer 6.0 as browser, to enable the pupils getting information over the internet.
What is the purpose of this network? Teach kids to find info online? run educational programs? Access to email? The purpose of the network is to connect our different computer rooms and computer classes with each other. To enable every pupil unfiltered access to any information of the internet. To provide a personal email account to every pupil, they should also have a personal computer account on the Win 2000 clients and on the intranet. The intranet will be something like a informational source for the pupils. The plan for the intranet is not done yet, but I have some ideas in my mind. It should get a informational source for all pupils. There will be some tutorials about the basics of how to use the internet effectively and some tutorials about HTML and so on.
Etc, etc. I can't really give you much help without sitting down, I suggest you maybe hire SuSE for an hour or two of consulting, it will save you a lot of grief in the long run. Well I think we can't afford that.
Some additional info to our group: Our group has 6 members (pupils) which are interested in and understand computers. The leader is our administrator (a teacher), but we have very much permissions, and he doesn't limit our creativity, although he critisizes our proposals (which is very good). The whole project is promoted by the EU (we will get a certificate at the end. I for myself don't do that for the certificate, but for the fun :-) ). Our goal is just to improve the school network and to create something like a school security system. I hope I cleared the situation. I uploaded a new draft (with Björn's suggestions). Thank you for spending time for me. Have a nice day, Christoph