
To-Do (Aim/Mission/Vision)

Developers
Rahul Iyer
2004-09-17
2004-09-20
  • Rahul Iyer

    Rahul Iyer - 2004-09-17

    Folks

    As you may have gathered by now, I am new to this project. Yes, I have gone through all previous posts, but I am still not very clear on the vision/mission of this project. Unfortunately, for the success of this project it is vital and critical that we all understand what it is that we are aiming for as a group.

    Maybe you have discussed this previously (offline); if so, please update this message with the same.

    From what I infer out of all previous posts, I have detailed a few lines. Feel free to correct/update my comments. Once again, please don't take this negatively; this message is to clarify things not only for ourselves but, more importantly, for our audience as well as new developers joining the group.

    (What our end product *has* to be)
    Mission: To design, develop and support an intelligent, platform-independent and scalable intrusion detection system for IP networks.

    (What our vision is)
    Vision: To source a leading-edge, open source/standards, scalable, seamless (automated) intrusion detection system.

    Requirements of this software:

    1. Intrusion detection in enterprise IP networks.
    2. Intelligent analysis and decision making based on log analysis.
    3. Report generation based on analysis.
    4. Easy to configure web interface (?)
    5. Easily scalable to other networks (e.g. traditional telephony, mobile, etc.) (?)
    6. Easily scalable to large domains.

    If you have other points, please copy the above and add to it in your message, so that new developers can just read the most up-to-date message.

    Architecture:

    Heart of the system: Will be the program controlling the whole software (starting, terminating etc), ensuring resources are available to the whole software. This will also spawn agents based on the size of network (large network=many agents) and react to agents that have stopped responding.

    Brain of the system: Analysis and decision making program. Highly intelligent and configurable, this will collate information from different agents and make decisions/tag events and notify users based on priority.

    Blood/Skin/Nervous: Will be the agents that perform various tests in the small subsection of the network they are working on, and notify the brain in real time. They will receive updates from the heart (such as a new vulnerability outbreak, etc.) but send information to the brain.

    All this together makes up Templario!

    In my opinion
    - Brain should be in C or C++ as we need performance.
    - Heart can be in Java or C++, given that the user interface is more important than performance.
    - Agents can be in Java or C++, again for portability reasons.

    I think I have spoken a lot. Please include your comments as well, after which we can create a to-do list and assign work to people.

    Good luck!
    Rahul Iyer

     
    • Vladislav Lazarenko

      Hi, please read the "Templario IDS Introduction" document in the "customer" group of the SourceForge documentation for this project.

       
