Saturday, 27 December 2008

Administering an open-source wireless network

As it has become increasingly important to provide wireless Internet access for their patrons, libraries and colleges are almost expected to offer this service. Inexpensive methods of providing wireless access--such as adding a commodity wireless access point to an existing network--can suffer from security issues, access by external entities, and bandwidth abuses. Designs that address these issues often involve more costly proprietary hardware as well as expertise and effort that are often not readily available. A wireless network built with open-source software and commodity hardware that addressed the cost, security, and equal access issues mentioned above was presented in the June 2007 issue of ITAL. (1) This tutorial highlights enhancements to the previous design that help to explain the technical hurdles in implementation, and includes a program that monitors the status of the various software and hardware components, helping to reduce the time required to administer the network.

The wireless network presented requires several different pieces of software that must work together. Because each of the required software programs is frequently updated, slight changes to the implementation may also be needed. A few issues that have arisen since the previous paper was written are addressed. A note is provided explaining the significance of setting the correct Media Access Control (MAC) address for the RADIUS server and for Wireless Distribution System (WDS) when configuring the system. In addition, in order to provide secure exchange of authentication credentials (username and password), the Secure Sockets Layer (SSL) was used. A brief explanation of how to install a registered certificate on the gateway server is provided. Lastly, a program that monitors the status of the network, provides a Web page displaying the status of the various hardware and software components, and e-mails administrators with any changes to the network status--along with information on how this program is to be deployed within the network--is presented.

Configuration changes for previous design

As new exploits are discovered and patched on a continual basis, any system should be regularly updated to ensure that the most recent software is being used. The network design provided in the previous article used many different software components including, but not limited to:

Access Point Software: OpenWRT--Whiterussian rc3

DNS Cache: Dnsmasq v2.32

Gateway: Chillispot v1.0

Operating System: Fedora Core 4

RADIUS Server: Free Radius v1.0.4

Web Caching Server: Squid v2.5

Web Server: Apache 2.2.3

Many of these components can be kept up-to-date by using the Yellowdog Updater, Modified (yum). (2) For example, to update a given package, with root access, at the command line enter:

yum update packageName

The yum command may also be used to update each package that has an available update by simply removing the package name from the yum update command and entering the following:

yum update

Yum may also be used to upgrade the entire operating system. (3)
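Before running either update command, it is useful to see which of the gateway's own components have updates waiting, so that each one can be reviewed before it is applied. The script below is an added example, not part of the original article: it filters the output of yum check-update down to a watch list. The package names in WATCHED and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Package names are assumptions; list the packages actually installed on the gateway.
WATCHED="squid httpd freeradius dnsmasq"

# Read `yum check-update` output on stdin and print "name new-version" for each
# watched package that has an update pending.
pending_for_watched() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^Obsoleting Packages/ { exit }              # not part of the update list
        NF == 1 { held = $1; next }                  # long name wrapped onto its own line
        NF == 2 && held != "" { $0 = held " " $0 }   # rejoin it with version and repo
        { held = "" }
        NF == 3 {
            name = $1
            sub(/\.[^.]+$/, "", name)                # drop the .arch suffix
            if (name in want) print name, $2
        }'
}

# Live use on the gateway: yum check-update exits 100 when updates are pending,
# 0 when there are none, and 1 on error.
check_gateway() {
    rc=0
    out=$(yum -q check-update) || rc=$?
    case $rc in
        0)   echo "no updates pending" ;;
        100) printf '%s\n' "$out" | pending_for_watched ;;
        *)   echo "yum check-update failed (exit $rc)" >&2; return 1 ;;
    esac
}

# Constructed sample of check-update output (not captured from a real system).
SAMPLE='
kernel.i686                 2.6.20-1.2320.fc5    updates
squid.i386                  7:2.6.STABLE13-1.fc6 updates
freeradius.i386
                            1.1.3-2.fc6          updates
openssl.i686                0.9.8b-8.3.fc6       updates
'

printf '%s\n' "$SAMPLE" | pending_for_watched
```

On the gateway itself, call check_gateway as root instead of piping in the sample.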

Keep in mind that with any change in software, the configuration of any particular package may change as well. For example, the newest version of Squid is currently 2.6. Appendix D in the previous paper explained how to allow transparent relay of Web requests so that client browsers did not have to be reconfigured. So, while version 2.5 required four...
