DirectConnect & UM’s Network Access Control
University of Montana - Missoula
Adam Ormesher & Chase Maier

Background Information
We provide internet to about 3000 residents
All ten dorms are currently wired-only connections
NAT – Not enough forward facing IPs
Outside connection managed by Central IT – Not us

IP Address Pools
Each residence hall has two designated pools of IP addresses for use by clients.
“dirty pool”: devices that are not registered or are banned
○ 10.247.__.__
“clean pool”: devices which have been registered and are able to access the Internet and network resources
○ 10.248.__.__

Network Level Restrictions
Each switch blocks outbound DHCP Offers on all switch interfaces.
A single exception is necessary, allowing our approved DHCP server to provide devices with leases.
This helps alleviate problems caused by students plugging in routers backwards, which then compete with our DHCP server.

Network Level Restrictions – Rogue DHCP Example
[Diagram labels: Student Router, Student Router]
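
An added example, not part of the original slides: the rule the switches enforce, expressed as passive detection in Python. It parses a DHCP payload and reports server replies (OFFER or ACK) that do not come from the approved server; treating DCOWeb's address 10.248.242.55 as that server, and the sample packets, are assumptions.

```python
import socket
import struct

# DCOWeb's address as given on the slides; treating it as the one approved
# DHCP server is an assumption of this example.
APPROVED_SERVERS = {"10.248.242.55"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_REPLIES = {2: "OFFER", 5: "ACK"}  # DHCP message types only a server sends

def parse_dhcp(payload):
    """Return (client MAC, offered IP, options dict) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")   # chaddr, hlen bytes
    offered = socket.inet_ntoa(payload[16:20])            # yiaddr
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return mac, offered, options

def rogue_reply(payload):
    """Describe a server reply from an unapproved server, else return None."""
    mac, offered, opts = parse_dhcp(payload)
    kind = SERVER_REPLIES.get((opts.get(53) or b"\x00")[0])  # option 53 = message type
    if kind is None:
        return None                                       # client message, ignore
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else "unknown"
    if server in APPROVED_SERVERS:
        return None
    return f"rogue DHCP {kind} from {server}: {offered} offered to {mac}"

def build_offer(server_ip, client_mac, offered_ip):
    """Constructed sample DHCPOFFER (not captured traffic)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), bytes(4),
                         bytes.fromhex(client_mac.replace(":", "")), b"", b"")
    options = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(rogue_reply(build_offer("10.248.242.55", "00:11:22:33:44:55", "10.247.1.20")))
    print(rogue_reply(build_offer("192.168.1.1", "00:11:22:33:44:55", "192.168.1.100")))
```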

DCOHome – Uses
Custom web application containing:
Residence Halls Switch Port Control
Residential DHCP Backend Data Store
Student Housing Records

DCOHome – Student Info
Student Personal Information: Student ID, NetID, Name, Email, Phone #
Housing Information: Dorm & Room #
The above information is updated daily from Banner for students living in our residence halls.

DCOHome – Registration
Each device that is connected to the network is given a DHCP lease based on MAC Address.
Each device is assigned to an existing student.
Game consoles are manually registered by our employees.

DCOHome – Ban Methods
Using the ban system we are able to:
Ban specific MAC Addresses
Ban all devices registered to a student.
Banned machines are returned to the “dirty pool.”

DCOHome – Ban Reasons
Student conduct violations
DMCA violations
Network Impacting Infections
Malfunctioning hardware
Unauthorized hardware

DCOWeb – Overview
DCOWeb provides the following:
DHCP Server
Web Server
DNS Server

DCOWeb – DHCP Server
Developed using Java by our internal programming team.
Communicates with DCOHome using XML.

DCOWeb – Web Server
Contains pages with:
Instructions to be followed to register.
Commonly downloaded files.
○ Windows Service Packs
○ .NET Installers
○ Antivirus & Antimalware Utilities

DCOWeb – DNS Server
Computers in the “dirty pool” are assigned DCOWeb as their DNS server.
All DNS lookups sent to DCOWeb resolve to the IP of DCOWeb (10.248.242.55).
[Diagram: a client in the dirty pool asks DCOWeb “What is IP for www.google.com?”; DCOWeb answers “10.248.242.55 (DCOWeb)”.]
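
An added example (not the DCOWeb code, which the slides do not show): a Python function that builds the catch-all answer described above, replying to any A query with DCOWeb's address. The 30-second TTL and the sample query are assumptions; a short TTL keeps the portal answer from lingering in the client's cache after the device is registered and moved to the clean pool.

```python
import socket
import struct

PORTAL_IP = "10.248.242.55"  # DCOWeb's address, from the slide
TTL = 30                     # assumed value; short so the answer expires quickly

def read_question(query):
    """Return (name, qtype, end offset) for the first question in a DNS query."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    labels, i = [], 12
    while True:
        if i >= len(query):
            raise ValueError("truncated question name")
        n = query[i]
        if n == 0:                       # root label ends the name
            break
        if n > 63 or i + 1 + n > len(query):
            raise ValueError("bad label length")
        labels.append(query[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    if i + 5 > len(query):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", query[i + 1:i + 5])
    return ".".join(labels), qtype, i + 5

def portal_answer(query):
    """Build the catch-all response: every A query resolves to PORTAL_IP."""
    _name, qtype, end = read_question(query)
    qid, flags = struct.unpack("!HH", query[:4])
    is_a = qtype == 1
    # QR=1 (response), AA=1, client's RD bit copied, RCODE=0
    header = struct.pack("!HHHHHH", qid, 0x8400 | (flags & 0x0100), 1, int(is_a), 0, 0)
    answer = b""
    if is_a:
        # 0xC00C is a compression pointer back to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, TTL, 4) + socket.inet_aton(PORTAL_IP)
    return header + query[12:end] + answer   # non-A types get an empty answer

def build_query(name, qtype=1, qid=0x1A2B):
    """Constructed sample query (not captured traffic)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    reply = portal_answer(build_query("www.google.com"))
    print(socket.inet_ntoa(reply[-4:]))
```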

Overview
[Diagram: Client (student machine), DCOHome and DCOWeb. DCOHome: student info, DHCP log, port status. DCOWeb: DHCP server, DNS server, hosted files.]

DCOWeb – Mac Setup

DCOWeb – Windows Setup

Questions?
www.resnetsymposium.org/rspm/evaluation/