
Post on 15-Jan-2016


CSD-Team 13

Oasis v.2

Introduction

Oasis v.1
ISPs share access network
Security
Choice for end-users
Compatible with legacy systems
Problems with the current solution

Current Solutions

Access based on MAC address, easy to crack
No encryption over the wireless link
No easy-to-use interface to add ISPs

Our Solution

Takes advantage of the latest technologies
    Everything that supports 802.1X (Win XP, Linux, Mac OS X)
    Highest security provided by hardware
Supports legacy hardware/software
    Everything that supports PPTP

Our Solution

Easy-to-use interface to add ISPs
Few requirements for ISPs
Easy-to-use for end-user

Oasis

[Diagram, built up over the following slides. Labels on every step: ISP1, ISP2, ISP3; AP; Network OP (web-based)]

Oasis Server

RADIUS: FreeRADIUS
Database: SQL
VLAN
Monitor: Cacti
Management server

Oasis

[Diagram step. Added label: Supplicant]

Oasis

[Diagram step. Added labels: Supplicant, user@isp1.se]

user@isp1.se

Identifies ISP
Which server?
Which VLAN?

Oasis

[Diagram step. Added labels: Supplicant, user@isp1.se; RADIUS server; ISP; user; Yes; Yes, VLAN]

Oasis

[Diagram step. Added labels: Client, user@isp1.se; Fall back server; PPTP; 802.1X; Fallback VLAN]
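
The lookup sketched on the slides above (the realm in user@isp1.se identifies the ISP, which selects the RADIUS server and the VLAN), written out as an added Python example; it is not Oasis code. The table contents, server names, VLAN IDs, the ask_isp callback and the choice to reject unknown realms are assumptions.

```python
import re

# Constructed operator table (all values are assumptions, not from the slides):
# realm -> the ISP's RADIUS server and the VLAN reserved for that ISP.
ISPS = {
    "isp1.se": {"radius": "radius.isp1.example", "vlan": 101},
    "isp2.se": {"radius": "radius.isp2.example", "vlan": 102},
}

# Strict realm syntax: lowercase DNS labels only, so odd characters never
# reach the lookup or the logs.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
REALM_RE = re.compile(LABEL + r"(?:\." + LABEL + r")+")


def route(identity):
    """'Identifies ISP': return (realm, radius_server, vlan) or None."""
    user, sep, realm = identity.rpartition("@")
    realm = realm.lower()
    if not sep or not user or not REALM_RE.fullmatch(realm):
        return None
    isp = ISPS.get(realm)
    if isp is None:
        return None
    return realm, isp["radius"], isp["vlan"]


def authorize(identity, ask_isp):
    """Return (decision, reply_attributes) for one 802.1X login.

    ask_isp(server, identity) is a hypothetical stand-in for proxying the
    request to the ISP's RADIUS server; it returns True on Access-Accept.
    """
    target = route(identity)
    if target is None:
        return "reject", {}  # unknown or malformed realm: no ISP VLAN
    _realm, server, vlan = target
    if not ask_isp(server, identity):
        return "reject", {}  # the ISP said no
    # The VLAN comes only from the operator's table, never from the client or
    # the ISP's reply. Attribute names and values follow RFC 3580.
    return "accept", {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }
```

Because the VLAN is taken from the operator's table keyed by realm, an accept from one ISP's RADIUS server can only place the user on that ISP's VLAN.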

Oasis

[Diagram step. Labels: ISP1, ISP2, ISP3; AP; Network OP (web-based); Client, user@isp1.se; SNMP]

Front-end to RRDTool
SNMP support
Store data into MySQL DB
Done in PHP
Integrating into OASIS v.2
    Scripts

Testing @ KistaIP

Tested both native and fallback
Tested with different platforms
Tested with switches and access points

Current KistaIP

VLANs used to separate the ISPs
Short lease time IP address
User chooses the ISP via web page
The VLAN the user is switched to depends on the selection

Native setup

Fallback setup

Problems faced

DHCP plugin to look for a DHCP server
DNS information is not received from the ISP
Default route and routing tables
Access points need additional features
Certificate issues

Accomplishments

Management server using XMLRPC
    Configuration of FreeRADIUS
Management interface
Fallback server
Transparent for ISPs
Cacti integration
Successful test with two "fake" ISPs

Problems and limitations

Complicated setup
Hardware configuration
Adding ISP requires reconfiguration of switches/access points
Fallback is limited by hardware support
    For wireless, needs multiple BSSIDs or multiple APs
    For wired, needs "unauth vlan"

Future work

Packaging
Certificates
Automatic hardware configuration
Local services

Team Members:

Ang Ma

Lucas Díez

Pratheepan Gunaratnam

Mikael Pettersson

Sasikumar Purushothaman

Thanks!

And Questions?