FRDCSA | internal codebases | Setanta

[Project image]

Architecture Diagram: GIF


Project Description

If you can write a document describing the system, then you are a good way towards organizing its behaviour. setanta integrates most of the normal administrative tasks of our ISP into a closed-loop, rapid-response system. It consists of multiple components; we are going to focus on the important services so that they actually get accomplished.

The IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) are responsible for integrating various network information sources into a picture that our systems can compose. Using audience and RT, they communicate the security situation to clients; this is the onGuard portal. A network map exists which is under the protection of the IPS, a system responsible for defending the network against. This is a purely defensive system, designed to work in combination with others to promote common defense. Some of the technologies I am envisioning for it include the formalization of various ancient real-world physical security protocols, a theorem prover combined with a minimax engine for defense reasoning, and A.I. plan recognition. Domains it would know include contamination and states. It would work with Ender to play games as well. It would be comparable to cycsecure but free.

A basic capability is real-time response to email, which should be added to audience. audience is currently not written well enough to respond quickly to email. It has to detect the importance of a message. The importance can be calculated from the importance of the sender, the relevance to the individual, and the contents of the message, and it should be related to a given task context. The first thing I need to write is a unilang agent that works on mail. I suppose I could have mail forwarded to audience, at which point I could start to act on it. That is really cool. That is the basis of setanta.
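The importance calculation sketched above, as an added example (this is not setanta's or audience's own code): sender importance, relevance to the recipient, message content and the current task context each yield a score in [0, 1], and a fixed weighting combines them. The sender roster, keyword lists, weights, recipient identity and the three sample messages are all constructed for illustration.

```python
"""Added example, not setanta's code: scoring incoming mail by importance."""
import email
from email.message import Message
from email.utils import getaddresses, parseaddr

ME = "me@isp.example"   # constructed recipient identity

# Constructed roster: how much weight a sender carries. Unknown senders get a low default.
SENDER_IMPORTANCE = {
    "noc@isp.example": 0.9,
    "holly@isp.example": 0.7,
    "newsletter@vendor.example": 0.1,
}
UNKNOWN_SENDER = 0.2

# Constructed keyword lists; a deployed system would learn these from ticket history.
URGENT_TERMS = ("outage", "down", "compromised", "security", "urgent")
TASK_CONTEXTS = {
    "network-outage": ("outage", "latency", "packet loss", "circuit"),
    "billing": ("invoice", "payment"),
}
WEIGHTS = {"sender": 0.4, "relevance": 0.2, "content": 0.25, "context": 0.15}


def _text(msg: Message) -> str:
    """Subject plus text/plain body, lower-cased for matching."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        body = b"\n".join(parts).decode("utf-8", "replace")
    else:
        body = msg.get_payload()
    return (msg.get("Subject", "") + "\n" + body).lower()


def sender_score(msg: Message) -> float:
    _, addr = parseaddr(msg.get("From", ""))
    return SENDER_IMPORTANCE.get(addr.lower(), UNKNOWN_SENDER)


def relevance_score(msg: Message, me: str) -> float:
    """Addressed to me directly > copied to me > list or blind-copied traffic."""
    to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    cc = {a.lower() for _, a in getaddresses(msg.get_all("Cc", []))}
    if me in to:
        return 1.0
    if me in cc:
        return 0.5
    return 0.2


def _term_score(text: str, terms) -> float:
    """Two distinct matching terms saturate the score. Plain substring match,
    so 'down' also hits 'download'; a real system would tokenize."""
    hits = sum(1 for t in terms if t in text)
    return min(1.0, hits / 2)


def importance(raw: str, me: str = ME, task: str = "") -> float:
    """Weighted sum of the four factors, rounded to three places."""
    msg = email.message_from_string(raw)
    text = _text(msg)
    parts = {
        "sender": sender_score(msg),
        "relevance": relevance_score(msg, me),
        "content": _term_score(text, URGENT_TERMS),
        "context": _term_score(text, TASK_CONTEXTS.get(task, ())),
    }
    return round(sum(WEIGHTS[k] * v for k, v in parts.items()), 3)


def prioritize(raws, me: str = ME, task: str = ""):
    """Highest importance first; returns (score, subject) pairs."""
    scored = [(importance(r, me, task), email.message_from_string(r).get("Subject", ""))
              for r in raws]
    return sorted(scored, key=lambda s: s[0], reverse=True)


# Constructed sample messages.
SAMPLE_OUTAGE = """\
From: NOC <noc@isp.example>
To: me@isp.example
Subject: Core router outage on circuit 7

Packet loss and latency spike; customers down.
"""
SAMPLE_NEWSLETTER = """\
From: Vendor News <newsletter@vendor.example>
To: customers@isp.example
Subject: Urgent: new product launch

Save 20% on our security appliance.
"""
SAMPLE_PHONELIST = """\
From: Holly <holly@isp.example>
To: ops@isp.example
Cc: me@isp.example
Subject: Updated phone list

Attached is the new phone list.
"""

if __name__ == "__main__":
    for score, subject in prioritize([SAMPLE_NEWSLETTER, SAMPLE_PHONELIST, SAMPLE_OUTAGE],
                                     task="network-outage"):
        print(f"{score:.2f}  {subject}")
```

Note that the newsletter scores well on content (it uses the words "urgent" and "security") but stays at the bottom because sender and relevance carry more weight; that is the point of weighting rather than keyword-matching alone.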


  • setanta: http://agents.fel.cvut.cz/projects/camnep/
  • setanta: cd
  • setanta: https://www.usenix.org/legacy/publications/library/proceedings/lisa2000/full_papers/gilfix/gilfix_html/index.html
  • For setanta-agent, one use case is to load it onto a VM, and give it user or even root access, and let it learn as it goes, moving files, etc. For this use case, one could think of hooking up NLU to it to understand the response of shell commands and things like that.
  • I just noticed that the way setanta kills son is similar to my case.
  • setanta is an IPS
  • By writing setanta, I can get some people on board the development end of things.
  • setanta should perhaps treat aanval level 5 as a sign of code red.
  • setanta should employ minimax (e.g. adversarial planning, plan recognition, and theorem proving) reasoning in order to adequately control the network.
  • setanta can use eye tracker to determine who has seen what security information.
  • setanta's features should be on the Wiki, and edits should be added.
  • setanta should have a very nice client-side portal.
  • setanta should keep a handle on what are the current vulnerabilities, etc.
  • setanta should give us a picture of how many customers of what significance are affected or will be affected by any network problems.
  • Any mail sent by setanta should have a loop-detection mail header.
  • setanta should highlight mail that comes from our people...
  • Notice similarities between shops and setanta
  • setanta should also notice how secure the machine it is running on is, and take measures to protect itself.
  • setanta::IPDB should link with circuits, and support the add circuits...
  • Apply setanta to Civil Liberties protection
  • setanta should passively monitor tickets and email ticket holders with links to suggested procedures...
  • setanta should get a user to commit to some action
  • setanta should recognize related tickets based on content analysis.
  • setanta's mail client should handle threads and everything
  • setanta should know what the-matrix is.
  • setanta should compute an overall picture of network damage.
  • Integrate calls into setanta.
  • No, maybe setanta?
  • setanta should detect spikes in Cacti graphs (using data not images of course)
  • setanta should measure various network latencies.
  • setanta should model "policies", which are more general practices.
  • Work on setanta's salience model.
  • setanta should model device semantics/APIs, for instance firewalls have ACLs that you can add and remove to block ports.
  • setanta uses File::Remote
  • setanta must archive config files to a subversion repository.
  • Modules that may be useful to setanta: Net::Ping Sys::Manage::Conn Net::Ident IPC::Session
  • Avoid feedback loops in setanta's monitoring.
  • setanta should schedule tests to keep employees on their feet.
  • setanta perl modules: SVN::Notify SVK
  • setanta should be able to configure a switch.
  • setanta should use CELT for its theorem proving component.
  • setanta should use SIGMA and vampire for its other things.
  • setanta should have a priority system like Stet to bring questions to the attention of the user based on the importance of the question, etc. Used for short term questions.
  • setanta's damage control should indicate over time the number of people affected, the severity and the duration.
  • setanta - handle ARIN reassignments.
  • Need to create a better capabilities model for setanta, to prevent it from getting overstuffed.
  • Get setanta packaged and distributed so others can use it.
  • setanta - be able to list scheduled maintenance.
  • setanta - http://www.mitre.org/tech/cyber/docs/tool.html
  • setanta should use the CIA project to keep apprised of software releases.
  • setanta can use ns (the network simulator)
  • setanta - one way to do this would be to look at packages and the way in which they were installed on machines at security-conscious places.
  • setanta should be responsible for setting things up in normal form.
  • setanta should notice when something is amiss.
  • One strategy for operation is to have setanta pay attention to email and to whether any email gets through that is considered priority (based on predefined notions of priority).
  • setanta - sort incoming requests by priority based on operational (mission critical) versus development, etc.
  • setanta should from time to time log in and look at log file tails to make sure everything is operational (if the service is even up)
  • use Crypt::OpenPGP for setanta.
  • setanta should monitor discontent arising from different areas (but should not suppose that silence = contentedness)
  • setanta - manage Drills!
  • setanta knowledge base: know which applications usually run on which ports, including the overlapping ones.
  • Essentially take the existing setanta system and make it into Luigh, setanta's Charioteer.
  • setanta should have a live display interface that's always running, maybe in OpenGL?
  • Should write some process management framework for setanta.
  • setanta - add functionality to update and audit kernels.
  • setanta - in order to make better use of RT's scheduling features, write additional tools that interact with the user regarding the actual schedule.
  • setanta - organize mail into threaded topics based on subject similarity.
  • setanta - OSSIM and NetDisco
  • setanta vulnerability auditing.
  • setanta is a "protocol droid"
  • setanta should assist in altering default passwords and making sure everyone knows them (by reference to other people only)
  • setanta should monitor disk space and take action.
  • setanta and screen could be related.
  • setanta needs to make sure it is being heeded and has rapport with employees.
  • Write the system for setanta to interpret its messages.
  • setanta - cdpr?
  • Write a script to print out copies of the phone list for everyone each time Holly sends setanta a new phonelist.
  • setanta should use MTR or something to determine packet loss to machines periodically.
  • setanta should recognize hiccups.
  • setanta should measure how long it takes me to respond to new tickets, and my software should harry me if I'm not closing them.
  • Note that setanta cannot simply act on an email, as the email could be spoofed.
  • setanta can quantify what we're missing based on analysis of what the problem is and how long it takes to fix it.
  • setanta should use this syntax when opening many links for one topic: openURL(URL,new-window) followed by openURL(URL,new-tab)
  • setanta should have a way for employees to report any wishlist items (like when the rwhois form loads, it should default to such and such).
  • hound should be renamed setanta
  • For setanta/ rt-analysis, do a full text index of the database for searching
  • Use setanta to do various network tasks like rsyncing data to a different machine.
  • setanta can learn from brainleach how to solve certain problems.
  • antispam-console should spot check outgoing mail to ensure that it is not spam, and if it is, setanta will block that IP or whatever is necessary, and initiate the appropriate messages.
  • setanta should use antispam-console (SA) to filter mail.
  • For setanta, we need to sit down and identify all remote manipulation stuff
  • Have all mail for setanta forwarded to the machine setanta is on?
  • setanta - all network changes should be announced to those affected several business days before the outages occur.
  • setanta should know the schedule of all actions, to know which services will slow as a result.
  • setanta - Write a program and hook it to the UPS SMTP system to shut down all non-critical services in the event of a power outage.
  • setanta should have diagnostics like from akahige.
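Several of the notes above concern the mail channel itself: every message setanta sends needs a loop-detection header, mail from "our people" deserves special treatment, and setanta cannot simply act on a message because From: can be spoofed. The following added example (not setanta's own code) shows the two gates a practitioner would put in front of any action: a loop check on inbound mail, and a requirement that our own MTA recorded a DKIM or SPF pass aligned with the From: domain (the RFC 8601 Authentication-Results header). The header name X-Setanta-Loop, the mailbox setanta@isp.example, the MTA identifier mx.isp.example, the trusted domain and all sample messages are assumptions made for the example.

```python
"""Added example, not setanta's code: loop guard and sender-authentication gate."""
import email
import re
from email.message import EmailMessage, Message
from email.utils import make_msgid, parseaddr

LOOP_HEADER = "X-Setanta-Loop"       # assumption: a private header we stamp on outgoing mail
LOOP_ID = "setanta@isp.example"      # assumption: setanta's own mailbox
OUR_AUTHSERV_ID = "mx.isp.example"   # assumption: the MTA that writes Authentication-Results
TRUSTED_DOMAIN = "isp.example"       # assumption: the domain of "our people"


def is_loop(msg: Message) -> bool:
    """Our own output coming back, or any auto-generated mail (RFC 3834), must not be acted on."""
    if LOOP_ID in msg.get_all(LOOP_HEADER, []):
        return True
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":  # auto-replied, auto-generated, auto-notified
        return True
    return msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list")


def parse_auth_results(value: str):
    """RFC 8601 Authentication-Results -> (authserv-id, [(method, result, {prop: value})])."""
    value = re.sub(r"\([^)]*\)", "", value)  # drop comments
    clauses = [c.strip() for c in value.split(";")]
    authserv_id = clauses[0].split()[0] if clauses and clauses[0] else ""
    results = []
    for clause in clauses[1:]:
        if not clause:
            continue
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.partition("=")[::2] for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return authserv_id.lower(), results


def _aligned(domain: str, from_domain: str) -> bool:
    """Relaxed alignment as DMARC defines it: the same domain or a subdomain of it."""
    domain = domain.lower().lstrip("@")
    return domain == from_domain or domain.endswith("." + from_domain)


def is_authenticated(msg: Message) -> bool:
    """True only if OUR MTA recorded a DKIM or SPF pass aligned with the From: domain.
    A sender can include a forged Authentication-Results header, so only the copy
    bearing our MTA's authserv-id counts."""
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if not from_domain:
        return False
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(header)
        if authserv_id != OUR_AUTHSERV_ID:
            continue
        for method, result, props in results:
            if result != "pass":
                continue
            if method == "dkim" and _aligned(props.get("header.d", ""), from_domain):
                return True
            mailfrom_domain = props.get("smtp.mailfrom", "").rpartition("@")[2]
            if method == "spf" and _aligned(mailfrom_domain, from_domain):
                return True
    return False


def decide(raw: str) -> str:
    """Loop check first, then authentication, then whether the sender is one of ours."""
    msg = email.message_from_string(raw)
    if is_loop(msg):
        return "drop-loop"
    if not is_authenticated(msg):
        return "reject-unauthenticated"
    _, from_addr = parseaddr(msg["From"])
    if from_addr.rpartition("@")[2].lower() != TRUSTED_DOMAIN:
        return "queue-for-human"  # genuine but not our people: read it, do not act on it
    return "act"


def build_reply(original: Message, body: str) -> EmailMessage:
    """Everything setanta sends carries the loop header and the RFC 3834 marker."""
    reply = EmailMessage()
    reply["From"] = LOOP_ID
    reply["To"] = original["From"]
    reply["Subject"] = "Re: " + original.get("Subject", "")
    reply["Message-ID"] = make_msgid(domain=TRUSTED_DOMAIN)
    if original.get("Message-ID"):
        reply["In-Reply-To"] = original["Message-ID"]
    reply["Auto-Submitted"] = "auto-replied"
    reply[LOOP_HEADER] = LOOP_ID
    reply.set_content(body)
    return reply


def reply_to(raw: str, body: str) -> str:
    return build_reply(email.message_from_string(raw), body).as_string()


# Constructed sample messages.
GENUINE = """\
From: NOC <noc@isp.example>
To: setanta@isp.example
Subject: block 203.0.113.7
Message-ID: <1@isp.example>
Authentication-Results: mx.isp.example; dkim=pass header.d=isp.example; spf=pass smtp.mailfrom=noc@isp.example

Please block 203.0.113.7 at the border.
"""
SPOOFED = """\
From: NOC <noc@isp.example>
To: setanta@isp.example
Subject: block 203.0.113.7
Authentication-Results: mx.isp.example; dkim=none; spf=fail smtp.mailfrom=noc@isp.example

Please block 203.0.113.7 at the border.
"""
FORGED_HEADER = """\
From: NOC <noc@isp.example>
To: setanta@isp.example
Subject: block 203.0.113.7
Authentication-Results: mail.attacker.example; dkim=pass header.d=isp.example
Authentication-Results: mx.isp.example; dkim=none; spf=softfail smtp.mailfrom=noc@isp.example

Please block 203.0.113.7 at the border.
"""
OUTSIDER = """\
From: Partner <partner@vendor.example>
To: setanta@isp.example
Subject: block 203.0.113.7
Authentication-Results: mx.isp.example; dkim=pass header.d=vendor.example

Please block 203.0.113.7 at the border.
"""
LOOPED = """\
From: setanta@isp.example
To: setanta@isp.example
Subject: Re: block 203.0.113.7
X-Setanta-Loop: setanta@isp.example
Authentication-Results: mx.isp.example; dkim=pass header.d=isp.example

Blocked.
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged header", FORGED_HEADER),
                      ("outsider", OUTSIDER), ("looped", LOOPED)]:
        print(f"{name:14} -> {decide(raw)}")
```

The authserv-id check matters: a well-configured MTA strips foreign Authentication-Results headers on ingress, but checking the identifier means the gate still holds if that stripping is ever misconfigured. A GnuPG signature check (the Crypt::OpenPGP note above) would slot in beside is_authenticated as a second, stronger gate for messages that request a change.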
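The monitoring notes above ask for spike detection on Cacti data, for recognising hiccups, and for avoiding feedback loops in the monitoring itself. This added example (not setanta's or Cacti's code) shows a detector over a numeric poller series with the two guards those notes imply: a confirmation count so a single-sample hiccup does not alert, and a baseline that ignores out-of-range samples so that a sustained spike cannot raise its own threshold and silently "clear" itself. The series, window and thresholds are constructed for the example; the comparison run with exclude_outliers=False shows the feedback loop the note warns about.

```python
"""Added example, not setanta's code: robust spike detection with hysteresis."""
from collections import deque
from statistics import median

# Constructed series: steady ~100 units, a one-sample hiccup at index 12,
# a sustained spike at indices 20..27, then recovery.
SAMPLES = [100, 103, 98, 101, 99, 102, 100, 97, 101, 100, 99, 102,
           400,
           101, 99, 100, 102, 98, 100, 101,
           380, 410, 395, 405, 390, 400, 385, 398,
           100, 101, 99, 100, 102, 98, 100, 101]


def detect_spikes(samples, window=8, k=6.0, mad_floor=1.0,
                  confirm=2, clear_after=2, exclude_outliers=True):
    """Return [(event, index, value)] with event in {"alert", "clear"}.

    threshold = median + k * MAD over the trailing baseline, which shrugs off a
    single outlier. `confirm` consecutive samples over the line raise an alert and
    `clear_after` consecutive samples under it clear it (hysteresis against flapping).
    With exclude_outliers=True, samples over the line never enter the baseline; with
    it False, a spike drags the baseline up and the alert clears while the spike persists.
    """
    baseline = deque(maxlen=window)
    events, in_alert, over, under = [], False, 0, 0
    for i, v in enumerate(samples):
        if len(baseline) < window:  # warm-up: no verdicts until the baseline is full
            baseline.append(v)
            continue
        med = median(baseline)
        mad = max(median(abs(x - med) for x in baseline), mad_floor)
        threshold = med + k * mad
        if v > threshold:
            over, under = over + 1, 0
            if not in_alert and over >= confirm:
                in_alert = True
                events.append(("alert", i, v))
            if not exclude_outliers:
                baseline.append(v)  # the feedback loop: the spike becomes "normal"
        else:
            under, over = under + 1, 0
            baseline.append(v)
            if in_alert and under >= clear_after:
                in_alert = False
                events.append(("clear", i, v))
    return events


if __name__ == "__main__":
    print("guarded :", detect_spikes(SAMPLES))
    print("feedback:", detect_spikes(SAMPLES, exclude_outliers=False))
```

On the constructed series the guarded run ignores the hiccup at index 12, alerts at index 21 (the second spike sample) and clears at index 29, two samples into the recovery. The feedback run also alerts at 21 but "clears" at index 25 while traffic is still at 400, because four spike samples have already pulled the median up to the spike level; that is the loop to avoid. Whether a permanently raised level should eventually become the new baseline is a policy choice, which is why exclude_outliers is a parameter rather than hard-wired.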

This page is part of the FWeb package.
Last updated Sat Oct 26 16:54:56 EDT 2019 .