2007 novacoast inc novacoast development ucsb capstone project eron howard, vp development david...

www.novacoast.com2007 Novacoast Inc

Novacoast Development

UCSB Capstone Project

Eron Howard, VP Development

David Parker, Research & Development


Novacoast Overview

Focus Areas (Practices):

Systems IntegritySecurity, Identity Management

Data Center SolutionsAvailability

Productivity SolutionsResource Management, Training

Product DevelopmentVoiceRD, Castor, Zorro

Product fulfillmentSoftware Acquisition


Novacoast Overview

Company Overview

90+ employees.

Spread across 16 states. HQ in Santa Barbara..

Offices in Portland, Cincinnati, Philadelphia. Opening New York.

Just celebrated 11 years anniversary.

Development Team

18 developers.

100% UCSB CS, CE, & CCS graduates.

Santa Barbara based.



Types of Projects

Web application Development.

System Integration Programming.

Programming support for Security practice.

Product Development.

VoiceRD Enterprise Open Source VOIP

Examples of Clients (http://www.novacoast.com/clients.php)

Indigo Systems (Flir), Santa Barbara Bank & Trust

Academy of Motion Pictures, Sony Pictures

Walmart, Toyota USA, Cingular



Software

100% Linux

Open Source

Best of Breed

Programming languages

Anything non-Microsoft

The best tool for the job

(Python, PHP, XSLT...)


CAPSTONE

Capstone Projects

1) VOIP Video Conferencing Allows users to login, change system settings, transfer calls, check

voicemail.

2) Distributed Security Auditor Tools for rapid security assessments on large networks.

3) Linux Time Machine Powerful backup technology completely hidden behind simple intuitive user

interfaces.

4) Present your own project. Software only. Potentially open sourced.


VOIP Video Conferencing

Conference User features:

Users on a conference call can enable video.

Application displays all users on the conference who have video enabled.

Whoever is talking is highlighted or larger.

Conference Admin features:

Caller ID for users.

Mute/Unmute users.

Kick users.



Technologies required:

VoiceRD Open Source PBX

Asterisk video conferencing API

FLEX 3 gui design tools.

PHP SOAP Interface.

Conference Admin features:

Caller ID for users.

Mute/Unmute users.

Kick users.



Project details: 1) Build a GUI using Flex 3 designer

which generates MXML / actionscript.

2) Develop web services layer using PHP with all functionality abstracted out.

3) Use Asterisk Video API to implement backend functionality.


Distributed Security Auditor

Security assessments: internal, external, apps

Knowing no special information, break into systems like a hacker would

Obtain passwords, company data, CC numbers...

Document holes and make recommendations



Used to quickly assess the security of hosts on a network (and the network itself)

Automates common information gathering and scripted attacks

Communication: P2P with other hosts and client/server with the management console


DSA Architecture

Lightweight agent

Installs and runs silently, cross platform and self contained

Talks to management console and other agents

Can download files, execute commands, and send back results

Extended with plugins that are downloaded on the fly, each of which performs a specific task or attack

Rule-based attack engine

Aggregates data coming back from the agents

Constructs a big picture of the network's security

Decides how, when, and where to attack

Management console GUI

Python? Web-based with PHP and Flex? Java?


DSA Functionality

Tasks that the attack engine can “push” to agents:

List users and groups, security policies

Create new user

Dump password hashes

List shared folders, running services, open ports

Sniff network traffic

Dump SQL databases or LDAP queries

Take screenshots and log keystrokes of the active user

Read bookmarks and saved browser passwords for web admin tools

Set up ad-hoc VPN tunnel from the internal network to a management console on the Internet


Linux Time Machine

Powerful backup technology has been around for ages but nobody uses it

Make backups completely self-maintaining, painless, and easy

Cross platform backup tool under the hood, web-based configuration tool visible to users


Linux Time Machine

Backups can be stored to a locally plugged in USB disk or across the network to a file server

Snapshots are taken efficiently, storing the changes of files instead of the entire files themselves

Restoring to a previous point in time is possible because snapshots are independent

Open source tools to do all of the above are already available and just need a good UI to tie them together

We can extend the idea to a network-aware Time Machine for both desktops and servers, managing backups for multiple systems


Linux Time Machine

Web based framework for building a backup & restore UI that is easy to use

Automatically pops up when a backup drive is hotplugged with USB

In a network environment, admins can manage backups for everyone


CAPSTONE

What we will provide for you:

VOIP Project – VOIP phones and cameras.

Security Auditor – help with tools and techniques used during real world security assessments

Linux Time Machine – access to a graphics designer for designing the UI

Development servers and QA lab.

Our years of experience with running and managing open source projects.

Access to our entire development team's technical expertise for questions and design advice.

2007 novacoast inc novacoast development ucsb capstone project eron howard, vp development david...

Documents