PacketFence Ideas for Google Summer of Code 2012

Project description

Contact information

Project Ideas

Create a multi-platform agent that would perform client-side security verifications

Android-based application for devices autoconfiguration

Web administration interface rewrite

Initial configuration Web-based instead of through command line

nmap integration as a scanning engine

IF-MAP integration

Active - Active clustering support

Experiments in data visualization

New authentication schemes

Your idea!

Application template

Project description

PacketFence is a Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus or OpenVAS vulnerability scanners, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.

Mainly developed in Perl with some PHP, Web (HTML/CSS/JavaScript) and SQL, PacketFence leverages components from famous open source projects like Snort, Apache's HTTPD, Net-SNMP, FreeRADIUS, mod_perl, MySQL, DHCPd, BIND (named), OpenVAS and more.

Students interested in Network Security and Security tools in general should definitely take a look.

For more information on PacketFence visit http://www.packetfence.org/.

Take a look at the code and fork it! https://github.com/inverse-inc/packetfence

Contact information

The mentor can be reached on irc.freenode.net #packetfence: plaxx

Our developer mailing list is also a place where you can reach him: https://lists.sourceforge.net/lists/listinfo/packetfence-devel

Project Ideas

Create a multi-platform agent that would perform client-side security verifications

Summary

A lot of endpoint security use cases require a built-in client-side agent to perform various checks before allowing network access. Such agents often verify the patch level and the presence of an anti-virus on the client and report to the NAC server. PacketFence would benefit from the availability of a free and open source modular agent.

Implementation

  1. Develop multi-platform and modular architecture for the Agent
  2. Create basic client-side tests (patch-level, registry tests, ...)
  3. Hook with server component using Web Services
  4. Work on preventing client-side attacks (encryption, server challenge-response, anti-debugging, etc.)

Skills

Knowledge of multi-platform client-side programming. Experience with developing modular architectures (plugin-based). Security-oriented.

Android-based application for devices autoconfiguration

Summary

When using iOS-based devices, we can generate a “mobile configuration profile” to automatically generate wireless configurations after device registration. The idea here would be to create a small Android application that would read Apple’s mobile configuration profile format (XML file) and perform the required steps on the mobile device to configure it.

Implementation

  1. Develop an Android application that works with v2.X and up
  2. Integrate it with PacketFence’s captive portal so it becomes a downloadable application after registration for iOS devices

Skills

Knowledge of Java and Perl programming.

Web administration interface rewrite

Summary

Our current Web Administration interface is done in PHP while our core is all Perl. This turned out to be a major architectural limitation. We are interested in rewriting our Web Administration interface in Perl using a modern MVC architecture and leveraging existing Perl components like Catalyst if applicable.

Implementation

  1. Establish technical requirements with mentor for new architecture
  2. Choose appropriate architecture / framework
  3. Experiment with architecture making sure that basic technical requirements are met
  4. Iteratively add features

Skills

Strong experience with Perl creating maintainable code. Experience with Web Services (SOAP::Lite). Experience with Perl Web / MVC frameworks (Catalyst). Knowledge of HTML, CSS, and JavaScript/AJAX is definitely an advantage.

Initial configuration Web-based instead of through command line

Summary

Our configuration wizard is currently a command line tool because of a current architecture limitation. Our aim is for the student, with the help of the mentor, to lift that limitation and then re-implement the configuration wizard as a modern Web-based one.

Implementation

  1. Re-architect the solution to allow Apache to run even if PacketFence is not properly configured
  2. Re-think the configuration process and provide mock-ups for an improved web-based configuration process
  3. Implement that new configuration process

Skills

Strong experience with Perl creating maintainable code. Strong experience with HTML / CSS / JavaScript. Strong interest in Web usability and UX.

nmap integration as a scanning engine

Summary

PacketFence currently integrates with the Nessus vulnerability scanner to verify the compliance of clients who requested network access. Nessus is no longer an open source and free tool, so it cannot be bundled with PacketFence. Nmap would be a good candidate to replace Nessus thanks to its scripting engine and the availability of Perl bindings.

Implementation

  1. Initial proof of concept of Nmap integration by replacing current pf::scan with a nmap-enabled one
  2. Re-architect pf::scan to allow multiple scanning back-ends
  3. Experiment with nmap configuration through PacketFence
  4. Find and/or develop interesting nmap NSE scripts for PacketFence

Skills

Strong experience with Perl creating maintainable code. Good knowledge of nmap. Familiarity with nmap NSE a plus.

IF-MAP integration

Summary

IF-MAP is a protocol used to store, correlate, and retrieve identity, access control, and security posture information about users and devices on a network. We are interested in creating or integrating an IF-MAP daemon in PacketFence so that it will be able to receive messages from other network infrastructure tools and react to them according to a policy.

Implementation

  1. Experiment with current IF-MAP server software and library offerings
  2. Perform proof of concept integration with PacketFence where an IF-MAP message would trigger the isolation of a client device

Skills

Strong experience with Perl creating maintainable code. Experience with Web Services. Familiarity with IF-MAP a plus.

Active - Active clustering support

Summary

PacketFence's high-availability use cases have always relied on running it in an active-passive cluster. This usually involves lots of error-prone per-host configuration and is also a misuse of resources (one server idle all the time). It also doesn't allow the application to vertically scale by adding more servers like an active-active setup would.

Several problems prevent PacketFence from running in an active-active cluster mode. We would want a student to look at these problems, resolve them in creative ways, and possibly produce a limited active-active proof of concept.

Implementation

  1. Install and experiment with PacketFence on a managed switch
  2. Discuss with the mentor about the current active-active problems and ideas to resolve the problems
  3. Proof of concept experiments with the potential solutions and document your findings making intrusive changes to PacketFence if necessary

Skills / Requirements

Strong experience with Perl. Experience with high-availability tools like DRBD, MySQL replication mechanisms, and multi-layer software load balancers (such as LVS, haproxy, keepalived, etc). Access to a managed switch supported by PacketFence required.

Experiments in data visualization

We would like to see a UX / visualization driven student to experiment in that area where we have little experience in our organization!

New authentication schemes

Implement support for any of the following authentication mechanisms:

Your idea!

Do not hesitate to submit your own idea!

Application template

Summer of Code Application Template

The following template shows how we want you to structure your application to participate in GSoC with PacketFence. This is basically a job application, so please submit a clean, concise application that answers all the questions in the template.

If you need further explanation because you don't understand what we're asking for in any of these sections, please contact obilodeau@inverse.ca by email for help, or drop into irc.freenode.net #packetfence. We're looking forward to reading your application, so be creative and propose something awesome we can't live without!

Please include the following sections in your application. Strip out the text in angle brackets and replace it with your own information! It's only there to give you instructions, and is not meant to be part of your application.


Personal Details

Name: <Your_Name_Here>
Email: <name@domain.com>
Personal Website: <http://yourdomain.tld>
Skype ID or GTalk: <SkypeID or name@gmail.com (for IM and voice chats).>
IRC nick: <Your IRC Nickname on Freenode (if any)>
Phone number: <If all contact methods fail because you are in an internet-free zone at some point, we can try your phone. Enter your phone number (with country code) here.>
School Name: <The name of your university.>
Years completed: <What year will you have just finished when you start GSoC?>
Perl Experience Level: <Say beginner, intermediate or advanced. You will give more details in the experience section below.>
PacketFence Experience Level: <Say no experience, current user or contributor. No experience is ok!>


Project Description

Describe your idea in detail: <Whether you took the idea from our list of suggestions (https://docs.google.com/document/pub?id=1SCJeF-3n3_jlxkjXVLUvOUu9PB2GGI0ONP5FzTvgZic) or it's something you've come up with on your own, propose your project here. Please be as detailed as possible, including the problem you want to solve, the scope of the project (be specific about features) and the coding approach you'll take.>

What have you done so far with this idea: <Include any work or research on this project you have already done. Sharing the project idea on the packetfence-devel mailing list in advance of your application is a good idea; if you have done so, summarize the list response to your project idea/approach. Note: summarize the discussion here; do NOT just link to the packetfence-devel archive.>

Anticipated challenges: <Identify any challenges or risks there are to the project not being as successful as you hope or not being complete by the end of the GSoC term.>


Schedule of Deliverables

Milestones and deliverables schedule: <What are the milestones and deliverables for your project? It should take the form of a list with dates and deliverables. A task and/or milestone for each week of the development period is a good idea, since it will help your mentor keep you on track to complete your project. For example:
* Month/Date - Revise project plan with mentor, set up development environment
* Month/Date - Tackle highest risk activity "fetch 10000 node record through Web Services"
* Month/Date - Submit first draft code for review
etc. You get the idea. The more detailed you are, the more convinced we'll be that you've thought about this project realistically. If accepted, the first thing you'll do will be to work with your mentor to define a very specific commitment regarding deliverables and schedule to determine eligibility for full student payment at the halfway mark and at the end of the program. This will help limit disappointment for both mentors and students.>

Other commitments: <Do you have any other commitments during this time that could impact your ability to be online, coding and/or communicating with your mentor? Include school, work and family commitments.>


Open Source Development Experience

Perl Experience: <We are a Perl program, so describe any/all experience you've had writing Perl. Links appreciated.>

Experience related to your idea: <List any experience that will help you complete the implementation of your idea. Links appreciated.>

PacketFence Experience: <Preference will be given to students who have shown an interest in PacketFence already by submitting patches because it will give us another means to evaluate student coding abilities. If you've not been active in the PacketFence development community before now, please consider writing a patch before you apply or at the same time. It's not *required* but it's strongly recommended. In addition to describing your patches, please link to the mantis tickets. If you have no PacketFence coding experience, consider attempting a patch for one of the following issues as a supplement to your application:

Ticket #1080: Show some of the latest packetfence log entries somewhere under administration
Ticket #1120: node import support for more input fields
>

Other Open Source/Free Software Experience: <If you have experience with open source development in any form, even a few bug reports or some tiny 2-line patch to something obscure, tell us! Also, link to it!>


Work Experience

Work Experience: <List any work experience you've had relevant to the proposed project, software development, networking or security. You can include paid jobs, internships, academic assistantships, etc. Identify for each job what your responsibilities were and how your success was measured (deadlines/deliverables, or just being there?).>


Academic Experience

Academic Institution: <Identify your college/university by name, and give its location (city, state/province/etc, country).>

Current Program: <Identify your major, what degree type you are working on (BA, MS, PhD, etc), and what year you are (freshman, junior, 2nd year candidate, etc).>

Anticipated Graduation: <Give the year you expect to complete your program.>

Academic Performance: <List what you're studying in university/college that is relevant, how you're doing in your program, etc. Please be specific about which programming courses you've completed. An official transcript is not necessary, but cutting and pasting the course names and grades you've earned so far will help us understand your background better and tailor project scope accordingly.>

GSoC for Credit: <Are you planning to use your GSoC project as an independent study for college credit? For this question, write "Yes" or "No". If yes, please include the title of your independent study and the name and email address of the professor who would be your independent study advisor.>

References: <Please give the names and email addresses of up to 4 computer science professors (and/or relevant employers) who can vouch for your Perl experience.>


Why PacketFence?

You're applying to work with PacketFence during GSoC because: <Tell us why you chose to apply with us. Be as specific as possible.>

After GSoC, you envision your involvement with PacketFence will be: <Over? Ongoing? Evolve into being a core contributor or committer? Tell us what you envision your participation with the PacketFence development community will be like after GSoC comes to an end?>


Additional Notes

We recommend reading:
- http://code.google.com/p/google-summer-of-code/wiki/AdviceforStudents
- Drupal's HOWTO: Write a Summer of Code application

Thanks for applying!

Application form largely borrowed from http://codex.wordpress.org/GSoC_2010_Application_Template