Local Area Wireless Network
a research project of Laboratory for Computer Science Research, Department of Computer Science
No additional software or setup required. This student runs a browser and an RU login window is presented. The student selects his or her status and authenticates.
Wirelessly connecting to a remote site securely
No special action is required. No additional software or setup is
required. A login window will be presented to the visitor; he can log
in by authenticating against either RU or IBM (assuming IBM is a trusted
authentication server). The visitor selects his or her status and
authenticates. To get access to IBM mail and internal servers, the
visitor runs the IBM VPN client already installed on his notebook.
Workshops and Conferences
If the members attending belong to organizations that already
have established trust relationships with RU, nothing needs to be done:
if the trusted organization will "vouch" for the user, RU will
accept this. If there is no established trust relationship, one needs
to be established. IT managers of the respective organizations need to
be contacted and information exchanged. If a trust relationship is not
desired, a cover-all guest account can be established and each visitor
given access. Though possible, the latter alternative is undesirable
since it establishes unwanted distance between Rutgers and those
collaborating with us. By setting up trust relationships between RU and
collaborators, the community is extended and all benefit. Adding
a trust relationship requires one line in a configuration file per trusted
authentication server added. This is independent of the number of
people who will authenticate against this server.
Collaborating between distinct organizations that are physically close
Each participant must include in their trusted authentication
server list the servers at their peer institutions and the
authentication protocols to be used. Once this is set up, all users at
all participating institutions will have the desired access; no one
will need a guest account. In this example each participant would need
only to add two lines to the configuration file.
Abuse of Services
Yes. DCIS's LAWN has connection logging turned on, which
logs every open connection established by a wireless user. Since every
email records its originating IP, we can trace back to the machine and the
user who was logged in at the time.
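The trace-back described above, as an added example that is not LAWN's own code: it takes the originating IP and timestamp from a message's Received header and looks up which login session held that address at that moment. The log layout, user names, MAC addresses and the relay name mail.example.edu are all assumptions made for the illustration; the page does not show LAWN's real log format.

```python
import ipaddress
import re
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed gateway log (hypothetical layout): login logout user mac ip
SESSION_LOG = """\
2002-03-04T09:00:00+00:00 2002-03-04T10:15:00+00:00 alice 00:02:2d:aa:bb:01 192.0.2.23
2002-03-04T10:20:00+00:00 2002-03-04T11:40:00+00:00 bob 00:02:2d:aa:bb:02 192.0.2.23
2002-03-04T11:00:00+00:00 - carol 00:02:2d:aa:bb:03 192.0.2.24
"""

# Constructed headers. The lower Received line arrived with the message.
RAW_EMAIL = """\
Received: from laptop (unknown [192.0.2.23]) by mail.example.edu
 with SMTP id abc123; Mon, 4 Mar 2002 10:31:07 +0000
Received: from pc (unknown [192.0.2.24]) by relay.invalid
 with SMTP id zzz999; Mon, 4 Mar 2002 11:05:00 +0000
"""

RECEIVED = re.compile(r"\[([0-9.]+)\]\)? by (\S+) .*;\s*(.+)$")

def parse_sessions(text):
    """One dict per log line; a logout of "-" means the session is still open."""
    rows = []
    for line in text.splitlines():
        start, end, user, mac, ip = line.split()
        rows.append({"user": user, "mac": mac, "ip": ipaddress.ip_address(ip),
                     "start": datetime.fromisoformat(start),
                     "end": None if end == "-" else datetime.fromisoformat(end)})
    return rows

def origin_of(raw_email, trusted_relay):
    """(ip, time) from the Received header our own relay wrote, else None."""
    for hdr in message_from_string(raw_email).get_all("Received", []):
        m = RECEIVED.search(" ".join(hdr.split()))  # unfold continuation lines
        if m and m.group(2) == trusted_relay:
            return ipaddress.ip_address(m.group(1)), parsedate_to_datetime(m.group(3))
    return None

def who_held(sessions, ip, when):
    """Sessions that owned `ip` at `when`; addresses are reused, so time matters."""
    return [s for s in sessions if s["ip"] == ip and s["start"] <= when
            and (s["end"] is None or when < s["end"])]

if __name__ == "__main__":
    ip, when = origin_of(RAW_EMAIL, "mail.example.edu")
    print([(s["user"], s["mac"]) for s in who_held(parse_sessions(SESSION_LOG), ip, when)])
```

Only the header written by the site's own relay is used, because anything below it was supplied with the message. An empty result means no session held the address at that time, which usually points to clock skew between the mail server and the gateway.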
Network Attack Monitoring
Yes. LAWN's Intrusion Detector System (IDS) can be
configured to page or email a System Administrator when an attack is
detected.
File Sharing ala Napster
The DCIS LAWN system currently does not limit what a user can
access. However, users are not allowed to share files or provide
services without special arrangements being made in advance with a
System Administrator. Future versions of LAWN will have policy
enforcement that controls use of services based on the class of the
users.
Bandwidth control
The DCIS LAWN system was not designed to control the bandwidth
of individual users. Software is available that can easily be adapted
to the LAWN system that would enable management of an individual's
bandwidth.
Running a server on a wireless device
LAWN users are, by default, clients and cannot provide
services. In this situation, the professor's laptop is running as a
web server and as a client. This can be done in the current LAWN version
but requires a special setup. Such a setup should take less than 5
minutes; however, it is an unusual setup and not routinely done.
Usage Monitoring
DCIS's LAWN system is a command-line-driven system. To get
access to live data, administrators need only log in to the machine via
SSH and type the appropriate command.
An IBM researcher collaborating with a Rutgers professor visits one day
a week. The visitor needs to access his RU email, his IBM email, and
servers behind IBM's firewall. IBM supports connections to inside its
firewall using their own VPN, and the visitor's laptop is already set up
for this connection. What is required to provide access to this
researcher using DCIS's LAWN?
Centers often run workshops whose participants come from numerous other
universities and corporations. There will be many participants with
wireless-equipped notebooks who have no account at Rutgers but do have
accounts at their respective universities or corporations. The
participants would like to be able to access their email, browse the
Internet, and connect back to their office using the environment already
on their laptop. What needs to be done to enable these people to gain
access to the wireless network?
New Jersey Institute of Technology (NJIT), Rutgers University, and the
University of Medicine and Dentistry of New Jersey (UMDNJ) would like to
set up authenticated wireless systems, which will allow their users to
access their respective data using any of their peer institutions'
wireless networks. Because of the close proximity of the organizations,
users would like to use the wireless network and roam between buildings
without re-authentication. These organizations do not share lists of
students and staff and use different authentication services. What steps
are required to make this seamless roaming and network collaboration
possible?
A user sent an email threat to one of the faculty over the wireless
network. Can the machine from which the message was sent be identified?
Can the user be identified?
A wireless client launches a denial of service attack on an Internet
site. Can a system administrator find out when such an attack occurs
without analyzing the connection logs?
Can a wireless user be prevented from getting and sharing copyrighted
songs on the wireless network?
Can the bandwidth of a user be limited?
A professor would like to provide services to students
in an e-Learning classroom. Some of the students are on their computers
in the dorms, others are on another campus in a lab, and some are
connected wirelessly in the classroom. The professor has a web server
containing his lecture and would like his students to access this file
from his wireless laptop. Can this be done?
System Administrators need to see the list of people who are connected
on a specific wireless gateway and a list of all users who are currently
logged on wirelessly in the whole campus. How can this be done?