Setanta
Architecture Diagram: [GIF image not reproduced here]
If you can write a document describing the system, then you are a
good way towards organizing its behaviour.
setanta integrates most of the normal administrative tasks of our
ISP into a closed-loop, rapid-response system.
It consists of multiple components.
We are going to focus on important services
so that they are actually accomplished.
IPS (Intrusion Prevention System) and IDS (Intrusion Detection
System).
These systems are responsible for integrating various
network information sources into a picture that our systems can
reason about.
Using audience and RT, these systems communicate
with clients about the security situation.
This is the onGuard
portal.
A network map exists which is under the protection of the
IPS, a system responsible for defending the network against.
This is a purely defensive system, designed to work in
combination with others to promote common defense.
Some of the
technologies that I am envisioning for this system include
formalization of various ancient real-world physical security
protocols, a combined theorem prover and minimax engine for
defense reasoning, and A.I. plan recognition.
Domains it would know
include contamination and states.
It would work with ender to
play games as well.
It would be comparable to cycsecure but free.
A basic capability is real-time response to email, which should
be added to audience.
audience currently is not written well
enough to respond quickly to email.
It has to detect the
importance of the message.
The importance can be calculated by
looking at the importance of the sender, the relevance to the
individual, and the contents of the message.
It should be related to
a given task context.
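The importance calculation sketched above, as an added example (not code from the setanta or audience projects): the score combines a sender weight, relevance to the current task context, and the content of the message. The sender table, task keywords, urgency words, the `X-Setanta-Loop` header name, the rule that only an `Authentication-Results` header reporting `dkim=pass` counts as a verified sender, and the sample messages are all constructed for this illustration. The spoofing caveat from the capabilities list is built in: a high score alone never triggers automatic action, and a reply setanta sends carries a loop header so that its own mail is never acted on.

```python
"""Importance scoring and triage for incoming mail (added example, constructed data)."""
import re
import email
from email import policy
from email.message import EmailMessage

# Constructed: how much weight each known sender carries (0..1).
SENDER_WEIGHT = {
    "noc@example-isp.test": 0.9,
    "holly@example-isp.test": 0.8,
}
DEFAULT_SENDER_WEIGHT = 0.1

# Constructed: the task context the reader is currently working in.
TASK_CONTEXT = {
    "name": "core-router-upgrade",
    "keywords": {"router", "bgp", "outage", "maintenance", "core"},
}
# Constructed: words whose presence marks content as needing attention.
URGENT_WORDS = {"down", "outage", "urgent", "asap", "breach"}

# Assumed header name used for loop detection on mail setanta itself sends.
LOOP_HEADER = "X-Setanta-Loop"


def parse_message(raw: str) -> EmailMessage:
    """Parse RFC 5322 message text into an EmailMessage (policy.default gives typed headers)."""
    return email.message_from_string(raw, policy=policy.default)


def words(text: str) -> set:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def sender_weight(msg: EmailMessage) -> float:
    addrs = msg["from"].addresses if msg["from"] else ()
    addr = addrs[0].addr_spec.lower() if addrs else ""
    return SENDER_WEIGHT.get(addr, DEFAULT_SENDER_WEIGHT)


def coverage(msg: EmailMessage, vocabulary: set) -> float:
    """Fraction of `vocabulary` that occurs in the subject or plain-text body (0..1)."""
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["subject"] or "") + " " + (body.get_content() if body else "")
    return len(vocabulary & words(text)) / len(vocabulary)


def importance(msg: EmailMessage) -> float:
    """Weighted sum of sender weight, task relevance and urgent content, rounded to 2 places."""
    return round(0.4 * sender_weight(msg)
                 + 0.3 * coverage(msg, TASK_CONTEXT["keywords"])
                 + 0.3 * coverage(msg, URGENT_WORDS), 2)


def is_sender_verified(msg: EmailMessage) -> bool:
    """Assumption: our own MTA stamps Authentication-Results; only dkim=pass is trusted.
    A bare From: address proves nothing, since it can be spoofed."""
    return any("dkim=pass" in str(r).lower() for r in msg.get_all("Authentication-Results", []))


def is_mail_loop(msg: EmailMessage) -> bool:
    """True for mail setanta sent itself or any auto-generated mail (RFC 3834 Auto-Submitted)."""
    return msg[LOOP_HEADER] is not None or msg.get("Auto-Submitted", "no").lower() != "no"


def triage(raw: str) -> dict:
    """Score a raw message and decide what setanta may do with it."""
    msg = parse_message(raw)
    score, verified, loop = importance(msg), is_sender_verified(msg), is_mail_loop(msg)
    if loop:
        action = "ignore"                      # never answer our own or automated mail
    elif score >= 0.6 and verified:
        action = "auto-act"
    elif score >= 0.6:
        action = "notify"                      # important but unverified: a human decides
    else:
        action = "queue"
    return {"score": score, "verified": verified, "loop": loop, "action": action}


def outgoing_reply(msg: EmailMessage, text: str) -> EmailMessage:
    """Build a reply that carries loop-detection headers so it is never re-processed."""
    reply = EmailMessage()
    reply["To"] = str(msg["from"])
    reply["Subject"] = "Re: " + (msg["subject"] or "")
    reply[LOOP_HEADER] = "yes"
    reply["Auto-Submitted"] = "auto-replied"
    reply.set_content(text)
    return reply


# Constructed sample messages.
MSG_OUTAGE = """\
From: NOC <noc@example-isp.test>
To: admin@example-isp.test
Subject: Core router BGP session down
Authentication-Results: mx.example-isp.test; dkim=pass header.d=example-isp.test

The core router lost its BGP session; customers report an outage.
"""
MSG_UNVERIFIED = """\
From: noc@example-isp.test
To: admin@example-isp.test
Subject: Please start the core router maintenance now

Run the core router maintenance now, it is urgent.
"""
MSG_NEWSLETTER = """\
From: news@vendor.test
To: admin@example-isp.test
Subject: Monthly newsletter

New features this month.
"""

if __name__ == "__main__":
    for name, raw in [("outage", MSG_OUTAGE), ("unverified", MSG_UNVERIFIED), ("newsletter", MSG_NEWSLETTER)]:
        print(name, triage(raw))
```

With these weights the verified outage report scores 0.72 and is eligible for automatic action, the unverified message with the same claimed sender scores 0.60 but only results in a notification, and the newsletter is queued.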
The first thing I need to write is a unilang agent that works on
mail.
I suppose I could have mail forwarded to audience, at which
point I could start to act on it.
That is really cool.
That is
the basis of setanta.
- This is a useful IP-to-geographical-location lookup system; could it be part of setanta?
http://www.seomoz.org/ip2loc/ip2loc.php
- setanta should use this syntax when opening many links for one topic: openURL(URL,new-window) followed by openURL(URL,new-tab)
- setanta can quantify what we're missing based on analysis of what the problem is and how long it takes to fix it.
- Note that setanta cannot simply act on an email, as the email could be spoofed.
- setanta should measure how long it takes me to respond to new tickets, and my software should harry me if I'm not closing them.
- setanta should recognize hiccups.
- setanta should use MTR or something to determine packet loss to machines periodically.
- Write a script to print out copies of the phone list for everyone each time Holly sends setanta a new phonelist.
- setanta - Write a program and hook it to the UPS's SMTP notification system to shut down all non-critical services in the event of a power outage.
- setanta - cdpr?
- setanta needs to make sure it is being heeded and has rapport with employees.
- Write the system for setanta to interpret its messages.
- setanta and screen could be related.
- setanta should assist in altering default passwords and making sure everyone knows them (by reference to other people only)
- setanta - By running chkrootkit or something similar you can tell with a certain probability whether a system has been infected.
If there is strange behaviour coming from a system, run this command.
- setanta should monitor disk space and take action.
- setanta - OSSIM and NetDisco
- setanta is a "protocol droid"
- setanta vulnerability auditing.
- setanta - organize mail into threaded topics based on subject similarity.
- setanta - add functionality to update and audit kernels.
- Should write some process management framework for setanta.
- setanta - in order to make better use of RT's scheduling features, write additional tools that interact with the user regarding the actual schedule.
- setanta should have a live display interface that's always running, maybe in OpenGL?
- setanta - manage Drills!
- Essentially take the existing setanta system and make it into Luigh, setanta's Charioteer.
- setanta knowledge base, know which applications run which ports, usually, overlapping.
- setanta should monitor discontent arising from different areas (but should not suppose that silence = contentedness)
- setanta should have diagnostics like from akahige.
- use Crypt::OpenPGP for setanta.
- setanta should from time to time log in and look at log file tails to make sure everything is operational (if the service is even up)
- setanta - sort incoming request by priority based on operational (mission critical) versus development, etc.
- setanta should have a way for employees to report any wishlist items (like when the rwhois form loads, it should default to such and such).
- mush? setanta?
- One strategy for operation is to have setanta pay attention to email and act if any email gets through that is considered priority (based on predefined notions of priority).
- setanta should be responsible for setting things up in normal form.
- setanta should know the schedule of all actions, to know which services will slow as a result.
- setanta should notice when something is amiss.
- setanta - all network changes should be announced to those affected several business days before the outages occur.
- I can work on study and setanta at the same time by applying ems to the report generation process.
The report generation process can also be looked at as an information synthesis process.
- setanta can use ns (the network simulator)
- Have to define some critical success factors for setanta and other projects.
Distill this information from these logs.
- setanta should use the CIA project to keep apprised of software releases.
- setanta - one way to do this would be to look at packages and the way in which they were installed on machines at security conscious places
- setanta should look over the user's back and comment on security.
For instance, if you are using a certain version of software, that is known to be exploited etc.
- setanta - be able to list scheduled maintenance.
- setanta - http://www.mitre.org/tech/cyber/docs/tool.html
- To counter new spam techniques (record the source of the information), setanta should do one or more of the following:
  * Give each customer their own subnet.
  * Null-route unused IP addresses in your network space, or otherwise make sure that there's a legitimate server somewhere that will claim them.
  * Monitor your local network for interfaces transmitting ARP responses they shouldn't be.
- Get setanta packaged and distributed so others can use it.
- setanta's damage control should indicate over time the amount of people affected, the severity and the duration.
- Need to create a better capabilities model for setanta, to prevent it from getting overstuffed.
- setanta should have a priority system like Stet to bring questions to the attention of the user based on the importance of the question, etc. Used for short term questions.
- setanta - handle ARIN reassignments.
- setanta should use SIGMA and vampire for its other things.
- setanta should use CELT for its theorem proving component.
- setanta should be able to configure a switch.
- Have all mail for setanta forwarded to the machine setanta is on?
- By consolidating all information through setanta, we risk corrupting it if setanta has a problem.
Ponder therefore how to prevent this.
- Avoid feedback loops in setanta's monitoring.
- setanta should schedule tests to keep employees on their feet.
- setanta Perl modules: SVN::Notify, SVK
- setanta must archive config files to a subversion repository.
- Modules that may be useful to setanta: Net::Ping, Sys::Manage::Conn, Net::Ident, IPC::Session
- setanta uses File::Remote
- setanta should model "policies", which are more general practices.
- setanta - set up a component about who knows what; if they don't know facts, link to a report that does give them the facts.
Therefore, reports, and who has seen them, must be available somewhere as a consistent part of the onGuard portal.
- setanta should model device semantics/APIs, for instance firewalls have ACLs that you can add and remove to block ports.
- Work on setanta's salience model.
- setanta has to have ways to manage its data.
And it can analyze data for different users (knowing what they do and do not know, using various cognitive modelling tools I can write).
- setanta should run checks on as many services as possible.
Also should check disk space and contact and warn us.
Another thing is that it should kind of summarize report information to filter out useless noise.
It should also model what different people know about different problems using the analyst model from clear.
- setanta should measure various network latencies.
- setanta should detect spikes in Cacti graphs (using data not images of course)
- No, maybe setanta?
- Use setanta to do various network tasks like rsyncing data to a different machine.
- setanta should compute an overall picture of network damage.
- setanta should use antispam-console (SA) to filter mail.
- Integrate calls into setanta.
- setanta should rate messages as being positive.
For instance, a message saying we have a new user is most likely positive.
- setanta should know what the-matrix is.
- setanta should recognize related tickets based on content analysis.
- setanta's mail client should handle threads and everything
- setanta should get a user to commit to some action
- For setanta/ rt-analysis, do a full text index of the database for searching
- setanta should passively monitor tickets and email ticket holders with links to suggested procedures...
- setanta::IPDB should link with circuits, and support adding circuits...
- Apply setanta to Civil Liberties protection
- Note that setanta will be problematic, like shops, unless we do the proper software engineering things.
We need to increase security monitoring, and this would involve teaching me how to do it.
- Very often we find that when we are seeing problems, the reality is that these are the result of deliberate maintenance and upgrades.
Therefore, it would be nice to know what network changes are the result of planned changes and what aren't.
And that should be setanta's job.
- setanta should also notice how secure the machine it is running on is, and take measures to protect itself.
- Maybe use BDI agent based approach for setanta.
Could use Jason, Spark or something.
- antispam-console should spot-check outgoing mail to ensure that it is not spam, and if it is, setanta will block that IP or whatever is necessary, and initiate the appropriate messages.
- For setanta, we need to sit down and identify all remote manipulation stuff
- Notice similarities between shops and setanta
- Any mail sent by setanta should have a loop detection mail header.
- setanta's reporting end is really a logical outgrowth of its monitoring end, which hasn't been written yet.
How can we provide good data if we aren't even monitoring?
Therefore, some problems therein need to be solved.
- setanta should highlight mail that comes from our people...
- setanta should schedule network changes ahead of time, that way, before the actual change occurs, customers can be notified.
Use GIPO to derive the planning domains.
Set up proper time management to get all of this done.
- setanta should give us a picture of how many customers of what significance are affected or will be affected by any network problems.
- setanta should be able to reconstruct networks as they were.
Also, it should model uncertainty.
- setanta's features should be on the Wiki, and edits should be added.
- setanta should keep a handle on what are the current vulnerabilities, etc.
- setanta should occasionally log onto firewalls and make sure they are configured properly.
Note "out of the ordinary" things.
Maybe use eye tracking, eh?
- setanta should have a very nice client-side portal.
- setanta should use aanval level 5 as a possible sign of code red.
- By writing setanta, I can get some people on board the development end of things.
- setanta should employ minimax (e.g. adversarial planning, plan recognition, and theorem proving) reasoning in order to adequately control the network.
- setanta must be aware of what are the known security violations with our software systems.
Upgrade or exploit detection and response.
Therefore, the scheduling of time to develop new rules, or in general, the monitoring of open gaps in the dike, must be taken seriously.
- setanta can use eye tracker to determine who has seen what security information.
- setanta can learn from brainleach how to solve certain problems.
- setanta can learn from the rt-analysis system.
The trouble-shooting system must provide reasonable troubleshooting of tickets, proposing solutions (based on previous ticket experience and information being recorded)
- setanta is an IPS
- Setup setanta to view the different scale of networks and provide network response visualization (contaminated systems), also to use my inferencing engine to display high level threat assessment.
The various parts of the network will be illustrated in color by that stuff.
- I just noticed that the way setanta kills son is similar to my case.
- Hound should be renamed setanta
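The ARP-monitoring item above (watch the local network for interfaces transmitting ARP responses they shouldn't, and make sure unused address space is null-routed or claimed by a legitimate sinkhole), as an added example that is not code from the setanta project. It assumes a sniffer has already captured ARP replies as (timestamp, sender IP, sender MAC) tuples and checks them against an authoritative address table of the kind setanta::IPDB would hold. The host table, the unused prefix, the sinkhole MAC, the sweep threshold and the sample replies are constructed; the `ip route add blackhole` form is standard iproute2 syntax.

```python
"""Audit captured ARP replies against an authoritative address table (added example)."""
import ipaddress
from collections import defaultdict

# Constructed: authoritative IP -> MAC mapping for the assigned part of the range.
KNOWN_HOSTS = {
    "192.0.2.1": "00:00:5e:00:53:01",    # gateway
    "192.0.2.10": "00:00:5e:00:53:10",
    "192.0.2.11": "00:00:5e:00:53:11",
}
# Constructed: address space we own but have not assigned; only the sinkhole may answer for it.
UNUSED_PREFIXES = [ipaddress.ip_network("192.0.2.128/25")]
SINKHOLE_MAC = "00:00:5e:00:53:ff"
# A single MAC answering for more distinct IPs than this is reported (constructed threshold).
SWEEP_THRESHOLD = 3


def null_route_commands(prefixes):
    """iproute2 blackhole routes for address space nothing legitimate should answer for."""
    return [f"ip route add blackhole {p}" for p in prefixes]


def is_unused(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNUSED_PREFIXES)


def audit_arp_replies(replies):
    """replies: iterable of (timestamp, sender_ip, sender_mac) from observed ARP 'is-at' frames.
    Returns a list of findings; an empty list means every reply matched expectations."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ts, ip, mac in replies:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        expected = KNOWN_HOSTS.get(ip)
        if expected is not None:
            if expected != mac:          # someone else answering for a known address
                findings.append({"ts": ts, "kind": "conflict", "ip": ip, "mac": mac, "expected": expected})
        elif is_unused(ip):
            if mac != SINKHOLE_MAC:      # unassigned space claimed by something other than the sinkhole
                findings.append({"ts": ts, "kind": "unused-claimed", "ip": ip, "mac": mac})
        else:                            # assigned range, but the address is not in the table
            findings.append({"ts": ts, "kind": "unknown-host", "ip": ip, "mac": mac})
    for mac, ips in ips_by_mac.items():
        if mac != SINKHOLE_MAC and len(ips) > SWEEP_THRESHOLD:
            findings.append({"kind": "many-ips", "mac": mac, "count": len(ips), "ips": sorted(ips)})
    return findings


def arp_summary(findings):
    """Count findings per kind, for the onGuard-style overview."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["kind"]] += 1
    return dict(counts)


# Constructed sample capture: (timestamp, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway answering for itself
    (2, "192.0.2.10", "00:00:5e:00:53:10"),   # known host
    (3, "192.0.2.1", "00:00:5e:00:53:aa"),    # another interface claims the gateway
    (4, "192.0.2.200", "00:00:5e:00:53:ff"),  # sinkhole answering for unused space, as intended
    (5, "192.0.2.201", "00:00:5e:00:53:aa"),  # unused address claimed by a non-sinkhole interface
    (6, "192.0.2.12", "00:00:5e:00:53:12"),   # address not in the table
    (7, "192.0.2.202", "00:00:5e:00:53:aa"),
    (8, "192.0.2.203", "00:00:5e:00:53:aa"),
]

if __name__ == "__main__":
    for cmd in null_route_commands(UNUSED_PREFIXES):
        print(cmd)
    for f in audit_arp_replies(SAMPLE_REPLIES):
        print(f)
    print(arp_summary(audit_arp_replies(SAMPLE_REPLIES)))
```

On the sample capture the interface ending in `:aa` produces one conflict (it answers for the gateway), three claims on unused space, and a "many-ips" finding because it answered for four distinct addresses; the sinkhole's own reply is not reported.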
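Several items above ask setanta to monitor and act: detect spikes in Cacti graphs from the data rather than the images, check disk space and warn, measure packet loss with MTR or similar periodically, and summarise reports so that useless noise is filtered out. The following added example (not code from the setanta project) does those checks over constructed data: a rolling z-score spike detector for counter series, a disk-usage check with escalating actions, a packet-loss check on loss fractions of the kind an MTR run reports, and a report that only carries non-OK results, critical first. The thresholds, sample series, mount points and hosts are constructed.

```python
"""Monitoring checks with noise filtering (added example, constructed data)."""
import statistics
from dataclasses import dataclass


@dataclass
class Finding:
    check: str    # which check produced it
    target: str   # graph name, mount point or host
    level: str    # "warn" or "crit"
    detail: str


def detect_spikes(series, window=6, zmax=3.0, rel_floor=0.01):
    """Indices of samples more than `zmax` standard deviations above the mean of the
    preceding `window` samples. The deviation is floored at `rel_floor` of the mean
    (and a tiny constant) so a flat history does not flag every wobble or divide by zero."""
    spikes = []
    for i in range(window, len(series)):
        hist = series[i - window:i]
        mu = statistics.fmean(hist)
        sigma = max(statistics.pstdev(hist), rel_floor * abs(mu), 1e-9)
        if (series[i] - mu) / sigma > zmax:
            spikes.append(i)
    return spikes


def spike_findings(graphs, **kw):
    """graphs: {graph_name: [samples]} as read from Cacti's RRD data, not its images."""
    out = []
    for name, series in sorted(graphs.items()):
        for i in detect_spikes(series, **kw):
            out.append(Finding("spike", name, "warn", f"sample {i} = {series[i]}"))
    return out


def disk_findings(usage, warn=0.80, crit=0.90):
    """usage: {mount: fraction of space used}. Above `crit` the finding names the action."""
    out = []
    for mount, frac in sorted(usage.items()):
        if frac >= crit:
            out.append(Finding("disk", mount, "crit", f"{frac:.0%} used: rotate logs and page on-call"))
        elif frac >= warn:
            out.append(Finding("disk", mount, "warn", f"{frac:.0%} used"))
    return out


def loss_findings(loss, warn=0.02, crit=0.10):
    """loss: {host: fraction of probes lost}, as a periodic MTR run would report."""
    out = []
    for host, frac in sorted(loss.items()):
        if frac >= crit:
            out.append(Finding("packet-loss", host, "crit", f"{frac:.0%} loss"))
        elif frac >= warn:
            out.append(Finding("packet-loss", host, "warn", f"{frac:.0%} loss"))
    return out


def run_checks(graphs, usage, loss):
    return spike_findings(graphs) + disk_findings(usage) + loss_findings(loss)


def report(findings):
    """Only non-OK results reach the report, critical ones first; OK checks stay silent."""
    order = {"crit": 0, "warn": 1}
    lines = [f"{f.level.upper():4} {f.check} {f.target}: {f.detail}"
             for f in sorted(findings, key=lambda f: order[f.level])]
    return "\n".join(lines) if lines else "all checks OK"


# Constructed sample data.
SAMPLE_GRAPHS = {
    "core-rtr eth0 in (Mbps)": [100, 102, 98, 101, 99, 100, 103, 400, 101, 99, 100, 102, 98],
    "mail01 load": [0.5, 0.6, 0.5, 0.4, 0.6, 0.5, 0.5, 0.6, 0.5],
}
SAMPLE_USAGE = {"/": 0.55, "/var": 0.83, "/var/log": 0.95}
SAMPLE_LOSS = {"192.0.2.1": 0.0, "192.0.2.10": 0.05, "198.51.100.7": 0.30}

if __name__ == "__main__":
    print(report(run_checks(SAMPLE_GRAPHS, SAMPLE_USAGE, SAMPLE_LOSS)))
```

The z-score window means the jump to 400 in the router series is flagged, while the samples after it are not: once the spike is inside the window it inflates the standard deviation, and the detector settles down again without producing a second alert for the return to normal.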
This page is part of the FWeb package.
It derives from the
Robotics Institute projects page.
Last updated Mon Jan 15 08:38:56 CST 2007.