
Project Details




Media Gallery

Presentation slide relating to DCOWeb from a presentation given by Chase Maier at the ResNet Symposium 2010 in Bellingham, Washington discussing the network access control system developed for protecting the University of Montana's network.

Related Projects

The following projects are related:

DCOWeb (DNS and Web Services)


This project was done while I was a Resident Technology Assistant with Student Affairs IT at the University of Montana, Missoula. The University of Montana provides in-room Internet access to residents living in the on-campus residence halls and off-campus university-owned apartment complexes. In order to protect the network and make associations between devices connected to the network and the owners of those devices, a substantial custom-built network access control system was developed over a number of years by several programmers working for Student Affairs IT, including, most prominently, myself, Dave Short, and David O'Hagan. The "DCOWeb" server was responsible for managing the connections for new devices connected to the network before those devices were allowed to access any other network resources or the Internet. This project description is focused specifically on the DNS and Web services provided by this server.

The following assumes at least a basic understanding of the goals and configuration of the DirectConnect Internet Connection Process and Network Access Control Systems.

DNS

In order for new devices connecting to the network to interact with the Web services provided by DCOWeb without explicitly navigating to the FQDN of that server, a customized DNS server backed by Microsoft IIS was employed to respond to all DNS requests with the server's own IP address, forcing clients to send all requests to this server. This meant that new devices connecting to the network could simply open a web browser and navigate to any domain name, or even the default homepage, and be presented with the web-based device registration instructions and related pages instead of the page they were expecting.

Web Services (Public)

First, a standard series of web pages, using a small PHP framework I made to manage the theme, provide operating system detection, and handle other minor features, was created to walk the visitor through the process of registering their device and downloading OS-specific setup packages when necessary. Pages were also created to provide the ability for client devices to download common software updates and to allow our staff to access common installation media used in the troubleshooting process while assisting students with the setup process.

Additionally, I created a web-based API available to devices running OS-specific setup packages to facilitate communication with the DCOHome database and other external services, as well as to automate the retrieval of resources such as service packs, antivirus software, and other installation media. Since clients were quarantined and had access only to services provided by DCOWeb, it was necessary for the DCOWeb server to act as an intermediary via these published APIs.

Finally, after Student Affairs IT began to formalize, in conjunction with the Residence Life Office, its process of handling DMCA violations occurring on the DirectConnect network (e.g. students illegally downloading music and movies using the campus network), I created a mechanism allowing students who had their network access disabled as a result of a DMCA violation from one of their devices to be presented with an explanation of the situation and instructions on how to proceed with getting their access restored. This was far more effective and efficient than our previous practice of disabling the interface or physically unplugging the network cable connecting their assigned network jack inside their room to the network switch and, because of the technology being used, was effective regardless of the computer or device they were using or the location where they were connecting, unlike the previous method.

Web Services (Private)

In order to handle requests and make appropriate decisions, DCOWeb also made use of and provided private web APIs facilitating communications between DCOWeb and the DCOHome web service, which was responsible for managing and maintaining all client data and information recorded during the registration process. A second network adapter was included in this server, allowing it to communicate on both the "dirty" (quarantine) network and the "clean" network (of already registered devices with full Internet and network access) simultaneously.