130 likes | 228 Views
Minuwet 2.0. Aruba and More. Minuwet 1.0. Provided sanity check on wireless computers 8,370 distinct users used it in March 2008 Saved lots of IT effort chasing people – they came to us Tied to the NAA Annoying to use, even once per week Hackers can trick it with firefox settings.
E N D
Minuwet 2.0 Aruba and More
Minuwet 1.0 • Provided sanity check on wireless computers • 8,370 distinct users used it in March 2008 • Saved lots of IT effort chasing people – they came to us • Tied to the NAA • Annoying to use, even once per week • Hackers can trick it with firefox settings
Move to Aruba • Upgrade was necessary to get modern APs and to replace aging NAA • Minuwet replacement not as obvious • NAP isn’t ready, and it isn’t multiplatform • Decided to port Minuwet to support Aruba
Minuwet Aruba + 2.0 • Main reason was Aruba support • Also good time to implement improvements I had wanted to make • Make less annoying to use • Support new features available Vista • Address hacking • Improve visual design
Aruba Portion • Does not run on the ‘controller’ • Runs on one box (or cluster) and talks to all controllers • Queries Aruba for MAC, Userid, then upgrades session if appropriate
Removing Annoyance Factor • Only have to download once • Runs right in browser, no need to click anything • Never will forget to run it again • ActiveX control for Internet Explorer • Mozilla extension for Firefox • Legacy version for other browsers
Installation • Relatively easy to install • Those who can’t figure it out can ask consultants or friends • Only need to install once, only need help once • IE needs privileges to install… legacy solution for unprivileged users
Hackers • Minuwet 1.0 used standard web method to detect OS • Firefox can override the OS string, user setting • Minuwet 2.0 uses Javascript in a way users can’t easily override • Tried Java, but fewer browsers support it well • A good hacker could get around 2.0, but harder, now less reason since less annoying
New for Vista • MS added support for 3rd parties to read firewall settings • Minuwet now enforces firewall on Vista
Other Features • Blacklisting service – bad guys we refuse • Whitelisting server – good guys we admit • Records client OS type so we can plan service
Summary • Faster/easier/less annoying than 1.0 • Security – harder to hack, less need to bother • Tougher on Vista – adds firewall requirement • Nice to Firefox as well as IE • Generous to PDAs