Laboratory for Computer Science Research • Rutgers University
Introduction to LAWN
Why did we do LAWN?
• Network management headache
  – Transient network access for visitors
  – Mobile users need anywhere access
• Security issues
  – User accountability
  – Vulnerable to attacks
• High cost for data line
What is LAWN?
• Low cost network access control system
  – Wireless network
  – Wired network (public data line)
• A firewall system
  – Gateway between public and private network
  – Authenticated access
• Software solution
  – Created by Laboratory for Computer Science Research, Computer Science - Rutgers University
What does LAWN do?
• Authenticates user access to the wired or wireless network with ease, without additional software.
• Allows users to roam seamlessly across buildings or campuses without re-login
• Allows wired/wireless devices to be servers
• Manages users' access to resources (soon)
  – E.g., untrusted users are limited to Internet browsers, mail and SSH only.
  – E.g., trusted users can have full access.
How much does LAWN cost?
• LCSR implementation
  – Hardware cost < $4500.
    • (20 APs, 3 PCs, switch)
  – Man hours in last 18 months: 50 hours
    • Bug fixes and software development.
  – Wiring and placement of access points
• Software is free (Open Source)
What are the competitors?
• Blue Socket
  http://www.bluesocket.com/products/
• Vernier Network Systems
  http://www.verniernetworks.com/products.html
• Reef Edge
  http://www.reefedge.com/products/main.html
LAWN’s advantages
• Accessibility
• Ease of Use
• Mobile
• Scalable
• Secure
• Accessibility
• Accountable
• Affordable
LAWN’s advantages
• Accessibility
  – Supports a number of authentication schemes
  – Kerberos (MIT and Rutgers)
  – IMAPS/IMAP
  – POPS/POP
  – RADIUS
  – CIFS (in progress)
  – LDAP (in progress)
  – Simple (e.g., local plain text file)
LAWN’s advantages
• Ease of Use
  – No client setup required
  – Private IP is assigned via DHCP
  – Supports “Any” SSID
  – Captive portal
    • Login page
    • Welcome page
LAWN’s advantages
• Mobile
  – Roaming across access points without re-login
    E.g., within adjacent buildings within one gateway
  – Roaming across gateways without re-login
    E.g., across campus, across in campus buildings
LAWN’s advantages
• Scalable
  – One Authentication server, multiple gateways
  – Multiple Authentication servers, multiple gateways
  – Trust relationship between Authentication Servers
One Authenticator, Multiple Gateways Diagrams
Trust Diagrams
Scalability Diagrams
LAWN’s advantages
• Secure
  – Does not use Wired Equivalent Privacy (WEP)
  – Data transmitted in the clear like wired network
  – Does not force specific VPN solutions
  – Supports VPN pass-through (PPTP, L2TP, IPSec)
  – Supports users' end-to-end encryption (SSH, SSL, POPS, IMAPS)
  – Connection logging and intrusion detection
LAWN’s advantages (cont.)
• Accessible
  – Wired public network jacks
  – Wireless extends network reach
  – Any authenticate-able users can get access
LAWN’s advantages (cont.)
• Accountable
  – User access is logged
  – Connection information is logged
  – Usage logs can reveal date, time and sites
LAWN’s advantages (cont.)
• Affordable
  – Uses simple access points
  – Minimum hardware 300 MHz Pentium II
  – 128 MB memory
  – 2 GB hard disk space
  – 2 Ethernet cards
LAWN’s Shortcomings
• Installation
• Monitoring/Reporting
• Customization is command line driven
• Optional external VPN server
• Policy based fine grain access control
• No quality of service
LAWN’s Shortcomings
• Installation
  – It’s a software solution, not an appliance.
    • Does not include the hardware.
    • Requires software installation, and thus some Linux system administration skills
• Monitoring/Reporting
  – No current live usage reporting tool
LAWN’s Shortcomings (cont.)
• Customization is command line driven
  – E.g., adding servers on wireless network
• Optional external VPN server
  – Packets are in the clear
  – This is a conscious decision.
LAWN’s Shortcomings (cont.)
• Policy based fine grain access control
  – E.g., users with only http access
• No quality of service
  – E.g., per user bandwidth limitation
How much does it cost?
• LAWN Implementation at Core + Hill Center < $5000
  – Consisting of:
    • 6 Departments
    • 24 Access points
    • 1 Authentication Server
    • 1 LAWN Gateway + IDS
Who uses LAWN Technology?
• Mathematics department
• Division for Computer Information Sciences
• Laboratory for Computer Science Research
• Industrial Engineering
• DIMACS
• CAIP
• New Jersey Legal Library
• Psychology department
• Many more…
How do I get it?
• Contact: Hanz Makmur
• Email: [email protected]