Laboratory for Computer Science Research • Rutgers University Introduction to LAWN

Why did we do LAWN?

• Network management headache
  – Transient network access for visitors
  – Mobile users need anywhere access
• Security issues
  – User accountability
  – Vulnerable to attacks
• High cost for data line

What is LAWN?

• Low cost network access control system
  – Wireless network
  – Wired network (public data line)
• A firewall system
  – Gateway between public and private network
  – Authenticated access
• Software solution
  – Created by Laboratory for Computer Science Research, Computer Science - Rutgers University

What does LAWN do?

• Authenticate user access to wired or wireless network with ease w/o additional software.
• Allows users to roam seamlessly across buildings or campuses w/o re-login
• Allow wired/wireless devices to be servers
• Manage users' access to resources (soon)
  – E.g., untrusted users are limited to Internet browsers, mail and SSH only.
  – E.g., trusted users can have full access.

How much does LAWN cost?

• LCSR implementation
  – Hardware cost < $4500.
    • (20 APs, 3 PCs, switch)
  – Man hours in last 18 months: 50 hours
    • Bug fixes and software developments.
  – Wiring and placement of access points
• Software is free (Open Source)

What are the competitors?

• Blue Socket
  http://www.bluesocket.com/products/
• Vernier Network Systems
  http://www.verniernetworks.com/products.html
• Reef Edge
  http://www.reefedge.com/products/main.html

LAWN’s advantages

• Accessibility
• Ease of Use
• Mobile
• Scalable
• Secure
• Accessibility
• Accountable
• Affordable

LAWN’s advantages

• Accessibility
  – Supports a number of authentication schemes
  – Kerberos (MIT and Rutgers)
  – IMAPS/IMAP
  – POPS/POP
  – RADIUS
  – CIFS (in progress)
  – LDAP (in progress)
  – Simple (e.g., local plain text file)

LAWN’s advantages

• Ease of Use
  – No client setup required
  – Private IP is assigned via DHCP
  – Support “Any” SSID
  – Captive portal
    • Login page
    • Welcome page

LAWN’s advantages

• Mobile
  – Roaming across access points w/o re-login
    E.g., within adjacent buildings within one gateway
  – Roaming across gateways w/o re-login
    E.g., across campus, across in campus buildings

LAWN’s advantages

• Scalable
  – One Authentication server, multiple gateways
  – Multiple Authentication servers, multiple gateways
  – Trust relationship between Authentication Servers

One Authenticator, Multiple Gateways Diagrams

Trust Diagrams

Scalability Diagrams

LAWN’s advantages

• Secure
  – Does not use Wired Equivalent Privacy (WEP)
  – Data transmitted in the clear like wired network
  – Does not force specific VPN solutions
  – Support VPN pass thru (PPTP, L2TP, IPSec)
  – Support users' end-to-end encryption (SSH, SSL, POPS, IMAPS)
  – Connection Logging and Intrusion Detection

LAWN’s advantages (cont.)

• Accessible
  – Wired public network jacks
  – Wireless extends network reach
  – Any authenticate-able users can get access

LAWN’s advantages (cont.)

• Accountable
  – User access is logged
  – Connection information is logged
  – Usage logs can reveal date, time and sites
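
Attributing a logged connection to a user takes a join between the gateway's login sessions and its connection log on client IP and time, because DHCP hands the same private address to different users over a day. The sketch below is an added example, not LAWN's own code; the log layouts, user names, addresses and timestamps are constructed for illustration, and sessions on one IP are assumed not to overlap.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed sample data (hypothetical layout, not LAWN's real log format).
# Gateway sessions: user, DHCP-assigned client IP, login time, logout time.
SESSIONS = [
    ("alice", "10.0.0.17", "2003-04-01 09:00:00", "2003-04-01 10:30:00"),
    ("bob",   "10.0.0.17", "2003-04-01 11:00:00", "2003-04-01 12:00:00"),
    ("alice", "10.0.1.42", "2003-04-01 11:05:00", "2003-04-01 11:50:00"),
]
# Connection log: time, source IP, destination IP, destination port.
CONNECTIONS = [
    ("2003-04-01 09:15:10", "10.0.0.17", "192.0.2.10", 443),
    ("2003-04-01 10:45:00", "10.0.0.17", "192.0.2.10", 80),    # after logout
    ("2003-04-01 11:10:00", "10.0.0.17", "198.51.100.5", 22),  # IP reused
    ("2003-04-01 11:10:05", "10.0.1.42", "198.51.100.5", 143),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def build_index(sessions):
    """Map each client IP to its sessions, sorted by login time."""
    index = defaultdict(list)
    for user, ip, start, end in sessions:
        index[ip].append((_ts(start), _ts(end), user))
    for spans in index.values():
        spans.sort()
    return index

def attribute(connections, sessions):
    """Return (time, user or None, dst, port) for every connection."""
    index = build_index(sessions)
    out = []
    for when, src, dst, port in connections:
        t = _ts(when)
        spans = index.get(src, [])
        # Latest session on this IP that began at or before t.
        i = bisect_right([s[0] for s in spans], t) - 1
        user = None
        if i >= 0 and t <= spans[i][1]:
            user = spans[i][2]
        out.append((when, user, dst, port))
    return out

def unattributed(results):
    """Connections with no covering session: gaps in accountability."""
    return [r for r in results if r[1] is None]
```

Matching on IP alone would credit the 11:10 SSH connection to alice; the time window assigns it to bob, and the 10:45 connection surfaces as traffic with no authenticated session behind it.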

LAWN’s advantages (cont.)

• Affordable
  – Uses simple access points
  – Minimum hardware 300 MHz Pentium II
  – 128 MB memory
  – 2 GB hard disk space
  – 2 Ethernet cards

LAWN’s Shortcomings

• Installation
• Monitoring/Reporting
• Customization is command line driven
• Optional external VPN server
• Policy based fine grain access control
• No quality of service

LAWN’s Shortcomings

• Installation
  – It’s a software solution, not an appliance.
    • Does not include the hardware.
    • Requires software installation, and thus some Linux system administration skills
• Monitoring/Reporting
  – No current live usage reporting tool

LAWN’s Shortcomings (cont.)

• Customization is command line driven
  – E.g., adding servers on wireless network
• Optional external VPN server
  – Packets are in the clear
  – This is a conscious decision.

LAWN’s Shortcomings (cont.)

• Policy based fine grain access control
  – E.g., users with only http access
• No quality of service
  – E.g., per user bandwidth limitation

How much does it cost?

• LAWN implementation at Core + Hill Center < $5000
  – Consisting of:
    • 6 departments
    • 24 access points
    • 1 Authentication Server
    • 1 LAWN Gateway + IDS

Who uses LAWN Technology?

• Mathematics department
• Division for Computer Information Sciences
• Laboratory for Computer Science Research
• Industrial Engineering
• DIMACS
• CAIP
• New Jersey Legal Library
• Psychology department
• Many more…

How do I get it?

• Contact: Hanz Makmur
• Email: [email protected]