2007 novacoast inc novacoast development ucsb capstone project eron howard, vp development david...
TRANSCRIPT
www.novacoast.com2007 Novacoast Inc
Novacoast Development
UCSB Capstone Project
Eron Howard, VP Development
David Parker, Research & Development
www.novacoast.com2007 Novacoast Inc
Novacoast Overview
Focus Areas (Practices):
Systems IntegritySecurity, Identity Management
Data Center SolutionsAvailability
Productivity SolutionsResource Management, Training
Product DevelopmentVoiceRD, Castor, Zorro
Product fulfillmentSoftware Acquisition
www.novacoast.com2007 Novacoast Inc
Novacoast Overview
Company Overview
90+ employees.
Spread across 16 states. HQ in Santa Barbara..
Offices in Portland, Cincinnati, Philadelphia. Opening New York.
Just celebrated 11 years anniversary.
Development Team
18 developers.
100% UCSB CS, CE, & CCS graduates.
Santa Barbara based.
www.novacoast.com2007 Novacoast Inc
Novacoast Development
Types of Projects
Web application Development.
System Integration Programming.
Programming support for Security practice.
Product Development.
VoiceRD Enterprise Open Source VOIP
Examples of Clients (http://www.novacoast.com/clients.php)
Indigo Systems (Flir), Santa Barbara Bank & Trust
Academy of Motion Pictures, Sony Pictures
Walmart, Toyota USA, Cingular
www.novacoast.com2007 Novacoast Inc
Novacoast Development
Software
100% Linux
Open Source
Best of Breed
Programming languages
Anything non-Microsoft
The best tool for the job
(Python, PHP, XSLT...)
www.novacoast.com2007 Novacoast Inc
CAPSTONE
Capstone Projects
1) VOIP Video Conferencing Allows users to login, change system settings, transfer calls, check
voicemail.
2) Distributed Security Auditor Tools for rapid security assessments on large networks.
3) Linux Time Machine Powerful backup technology completely hidden behind simple intuitive user
interfaces.
4) Present your own project. Software only. Potentially open sourced.
www.novacoast.com2007 Novacoast Inc
VOIP Video Conferencing
Conference User features:
Users on a conference call can enable video.
Application displays all users on the conference who have video enabled.
Whoever is talking is highlighted or larger.
Conference Admin features:
Caller ID for users.
Mute/Unmute users.
Kick users.
www.novacoast.com2007 Novacoast Inc
VOIP Video Conferencing
Technologies required:
VoiceRD Open Source PBX
Asterisk video conferencing API
FLEX 3 gui design tools.
PHP SOAP Interface.
Conference Admin features:
Caller ID for users.
Mute/Unmute users.
Kick users.
www.novacoast.com2007 Novacoast Inc
VOIP Video Conferencing
Project details: 1) Build a GUI using Flex 3 designer
which generates MXML / actionscript.
2) Develop web services layer using PHP with all functionality abstracted out.
3) Use Asterisk Video API to implement backend functionality.
www.novacoast.com2007 Novacoast Inc
Distributed Security Auditor
Security assessments: internal, external, apps
Knowing no special information, break into systems like a hacker would
Obtain passwords, company data, CC numbers...
Document holes and make recommendations
www.novacoast.com2007 Novacoast Inc
Distributed Security Auditor
www.novacoast.com2007 Novacoast Inc
Distributed Security Auditor
Used to quickly assess the security of hosts on a network (and the network itself)
Automates common information gathering and scripted attacks
Communication: P2P with other hosts and client/server with the management console
www.novacoast.com2007 Novacoast Inc
DSA Architecture
Lightweight agent
Installs and runs silently, cross platform and self contained
Talks to management console and other agents
Can download files, execute commands, and send back results
Extended with plugins that are downloaded on the fly, each of which performs a specific task or attack
Rule-based attack engine
Aggregates data coming back from the agents
Constructs a big picture of the network's security
Decides how, when, and where to attack
Management console GUI
Python? Web-based with PHP and Flex? Java?
www.novacoast.com2007 Novacoast Inc
DSA Functionality
Tasks that the attack engine can “push” to agents:
List users and groups, security policies
Create new user
Dump password hashes
List shared folders, running services, open ports
Sniff network traffic
Dump SQL databases or LDAP queries
Take screenshots and log keystrokes of the active user
Read bookmarks and saved browser passwords for web admin tools
Set up ad-hoc VPN tunnel from the internal network to a management console on the Internet
www.novacoast.com2007 Novacoast Inc
Linux Time Machine
Powerful backup technology has been around for ages but nobody uses it
Make backups completely self-maintaining, painless, and easy
Cross platform backup tool under the hood, web-based configuration tool visible to users
www.novacoast.com2007 Novacoast Inc
Linux Time Machine
Backups can be stored to a locally plugged in USB disk or across the network to a file server
Snapshots are taken efficiently, storing the changes of files instead of the entire files themselves
Restoring to a previous point in time is possible because snapshots are independent
Open source tools to do all of the above are already available and just need a good UI to tie them together
We can extend the idea to a network-aware Time Machine for both desktops and servers, managing backups for multiple systems
www.novacoast.com2007 Novacoast Inc
Linux Time Machine
Web based framework for building a backup & restore UI that is easy to use
Automatically pops up when a backup drive is hotplugged with USB
In a network environment, admins can manage backups for everyone
www.novacoast.com2007 Novacoast Inc
CAPSTONE
What we will provide for you:
VOIP Project – VOIP phones and cameras.
Security Auditor – help with tools and techniques used during real world security assessments
Linux Time Machine – access to a graphics designer for designing the UI
Development servers and QA lab.
Our years of experience with running and managing open source projects.
Access to our entire development team's technical expertise for questions and design advice.