PacketFence is a Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus or OpenVAS vulnerability scanners, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
Students interested in Network Security and Security tools in general should definitely take a look.
For more information on PacketFence visit http://www.packetfence.org/.
Take a look at the code and fork it! https://github.com/inverse-inc/packetfence
The mentor can be reached on irc.freenode.net #packetfence: plaxx
Our developer mailing list is also a place where you can reach him: https://lists.sourceforge.net/lists/listinfo/packetfence-devel
A lot of endpoint security use cases require a built-in client-side agent to perform various checks before allowing network access. Such agents often verify the patch level and the presence of an anti-virus on the client and report to the NAC server. PacketFence would benefit from the availability of a free and open source modular agent.
Knowledge of multi-platform client-side programming. Experience with developing modular architectures (plugin-based). Security-oriented.
When using iOS-based devices, we can generate a “mobile configuration profile” to automatically generate wireless configurations after device registration. The idea here would be to create a small Android application that would read Apple’s mobile configuration profile format (XML file) and perform the required steps on the mobile device to configure it.
Knowledge of Java and Perl programming.
Our current Web Administration interface is done in PHP while our core is all Perl. This turned out to be a major architectural limitation. We are interested in rewriting our Web Administration interface in Perl using a modern MVC architecture and leveraging existing Perl components like Catalyst if applicable.
Our configuration wizard is currently a command line tool because of a current architecture limitation. Our aim is for the student with the help of the mentor to lift that limitation and then re-implement the configuration wizard with a modern Web-based one.
PacketFence currently integrates with the Nessus vulnerability scanner to verify the compliance of clients who requested network access. Nessus is no longer an open source and free tool so it cannot be bundled with PacketFence. Nmap would be a good candidate to replace Nessus thanks to its scripting engine and the availability of Perl bindings.
Strong experience with Perl creating maintainable code. Good knowledge of Nmap. Familiarity with Nmap NSE a plus.
IF-MAP is a protocol used to store, correlate, and retrieve identity, access control, and security posture information about users and devices on a network. We are interested in creating or integrating an IF-MAP daemon in PacketFence so that it will be able to receive messages from other network infrastructure tools and react to them according to a policy.
Strong experience with Perl creating maintainable code. Experience with Web Services. Familiarity with IF-MAP a plus.
PacketFence's high-availability use cases have always relied on running it in an active-passive cluster. This usually involves lots of error-prone per-host configuration but is also a misuse of resources (one server idle all the time). Also, this doesn't allow the application to vertically scale by adding more servers like an active-active setup would do.
Several problems prevent PacketFence from running in an active-active cluster mode, but we would want a student to look at these problems, resolve them in creative ways and possibly produce a limited active-active proof of concept.
Skills / Requirements
Strong experience with Perl. Experience with high-availability tools like DRBD, MySQL replication mechanisms, and multi-layer software load balancers (such as LVS, haproxy, keepalived, etc). Access to a managed switch supported by PacketFence required.
We would like to see a UX / visualization driven student to experiment in that area where we have little experience in our organization!
Implement support for any of the following authentication mechanisms:
Do not hesitate to submit your own idea!
Summer of Code Application Template
The following template shows how we want you to structure your application to participate in GSoC with PacketFence. This is basically a job application, so please submit a clean, concise application that answers all the questions in the template.
If you need further explanation because you don't understand what we're asking for in any of these sections, please contact email@example.com by email for help, or drop into irc.freenode.net #packetfence. We're looking forward to reading your application, so be creative and propose something awesome we can't live without!
Please include the following sections in your application. Strip out the text in angle brackets and replace it with your own information! It's only there to give you instructions, and is not meant to be part of your application.
Personal Website: <http://yourdomain.tld>
Skype ID or GTalk: <SkypeID or firstname.lastname@example.org (for IM and voice chats).>
IRC nick: <Your IRC Nickname on Freenode (if any)>
Phone number: <If all contact methods fail because you are in an internet-free zone at some point, we can try your phone. Enter your phone number (with country code) here.>
School Name: <The name of your university.>
Years completed: <What year will you have just finished when you start GSoC?>
Perl Experience Level: <Say beginner, intermediate or advanced. You will give more details in the experience section below.>
PacketFence Experience Level: <Say no experience, current user or contributor. No experience is ok!>
Describe your idea in detail: <Whether you took the idea from our list of suggestions (https://docs.google.com/document/pub?id=1SCJeF-3n3_jlxkjXVLUvOUu9PB2GGI0ONP5FzTvgZic) or it's something you've come up with on your own, propose your project here. Please be as detailed as possible, including the problem you want to solve, the scope of the project (be specific about features) and the coding approach you'll take.>
What have you done so far with this idea: <Include any work or research on this project you have already done. Sharing the project idea on the packetfence-devel mailing list in advance of your application is a good idea; if you have done so, summarize the list response to your project idea/approach. Note: summarize the discussion here; do NOT just link to the packetfence-devel archive.>
Anticipated challenges: <Identify any challenges or risks there are to the project not being as successful as you hope or not being complete by the end of the GSoC term.>
Schedule of Deliverables
Milestones and deliverables schedule: <What are the milestones and deliverables for your project? It should take the form of a list with dates and deliverables. A task and/or milestone for each week of the development period is a good idea, since it will help your mentor keep you on track to complete your project. For example:
* Month/Date - Revise project plan with mentor, set up development environment
* Month/Date - Tackle highest risk activity "fetch 10000 node record through Web Services"
* Month/Date - Submit first draft code for review
etc. You get the idea. The more detailed you are, the more convinced we'll be that you've thought about this project realistically. If accepted, the first thing you'll do will be to work with your mentor to define a very specific commitment regarding deliverables and schedule to determine eligibility for full student payment at the halfway mark and at the end of the program. This will help limit disappointment for both mentors and students.>
Other commitments: <Do you have any other commitments during this time that could impact your ability to be online, coding and/or communicating with your mentor? Include school, work and family commitments.>
Open Source Development Experience
Perl Experience: <We are a Perl program, so describe any/all experience you've had writing Perl. Links appreciated.>
Experience related to your idea: <List any experience that will help you complete the implementation of your idea. Links appreciated.>
PacketFence Experience: <Preference will be given to students who have shown an interest in PacketFence already by submitting patches because it will give us another means to evaluate student coding abilities. If you've not been active in the PacketFence development community before now, please consider writing a patch before you apply or at the same time. It's not *required* but it's strongly recommended. In addition to describing your patches, please link to the mantis tickets. If you have no PacketFence coding experience, consider attempting a patch for one of the following issues as a supplement to your application:
Ticket #1080: Show some of the latest packetfence log entries somewhere under administration
Ticket #1120: node import support for more input fields
Other Open Source/Free Software Experience: <If you have experience with open source development in any form, even a few bug reports or some tiny 2-line patch to something obscure, tell us! Also, link to it!>
Work Experience: <List any work experience you've had relevant to the proposed project, software development, networking or security. You can include paid jobs, internships, academic assistantships, etc. Identify for each job what your responsibilities were and how your success was measured (deadlines/deliverables, or just being there?).>
Academic Institution: <Identify your college/university by name, and give its location (city, state/province/etc, country).>
Current Program: <Identify your major, what degree type you are working on (BA, MS, PhD, etc), and what year you are (freshman, junior, 2nd year candidate, etc).>
Anticipated Graduation: <Give the year you expect to complete your program.>
Academic Performance: <List what you're studying in university/college that is relevant, how you're doing in your program, etc. Please be specific about which programming courses you've completed. An official transcript is not necessary, but cutting and pasting the course names and grades you've earned so far will help us understand your background better and tailor project scope accordingly.>
GSoC for Credit: <Are you planning to use your GSoC project as an independent study for college credit? For this question, write "Yes" or "No". If yes, please include the title of your independent study and the name and email address of the professor who would be your independent study advisor.>
References: <Please give the names and email addresses of up to 4 computer science professors (and/or relevant employers) who can vouch for your Perl experience.>
You're applying to work with PacketFence during GSoC because: <Tell us why you chose to apply with us. Be as specific as possible.>
After GSoC, you envision your involvement with PacketFence will be: <Over? Ongoing? Evolve into being a core contributor or committer? Tell us what you envision your participation with the PacketFence development community will be like after GSoC comes to an end?>
We recommend reading:
- Drupal's HOWTO: Write a Summer of Code application
Thanks for applying!
Application form largely borrowed from http://codex.wordpress.org/GSoC_2010_Application_Template