Team MITRESentinel Final Presentation

Mark NowickiMichael Dunn

Kate BrownDave Tittle

12/8/2008 Purdue University - CS 307 1

Overview

• Motivation• Product Features• Design• Results• Challenges• Future Work• Plan for Demo

12/8/2008 Purdue University - CS 307 2

Motivation

• MITRE produces XML files that contain workstation configuration information

• However, XML file checking is:– Tedious– Time consuming– Prone to human error

• Automation will speed the process and decrease error

12/8/2008 Purdue University - CS 307 3

Product Features

• Core functionality:– Retains, compares, and parses XML files– Baseline management (Previous configurations)– Alerts administration of crucial differences

• Overall:– Reduces time needed to monitor a network

12/8/2008 Purdue University - CS 307 4

Design

• Solution: – Python and MySQL implementation– Open Source Solution

12/8/2008 Purdue University - CS 307 5

Design, cont.

12/8/2008 Purdue University - CS 307 6

Design, cont.

12/8/2008 Purdue University - CS 307 7

Design, cont.

12/8/2008 Purdue University - CS 307 8

Experiments

• Inexperience:– Python & MySQL– Software Engineering Practices– Deadlines– Metrics• Code Coverage (PyUnit)

12/8/2008 Purdue University - CS 307 9

Results• No Test Bed– Configurations Files– Performance Testing

• Trouble Out of the Box– Software not perfect as-is– Component functionality

• Performance– Overhead: Database and FTP

12/8/2008 Purdue University - CS 307 10

Challenges

• New Language, New Environment• Freedom, Horrible Freedom• Lessons Learned:– Setting Boundaries– Overhead Time– Time Management– SVN for documentation• Assembla.com

12/8/2008 Purdue University - CS 307 11

Robustness

• Extensive error checking– If one file goes bad:• error message returned• move to next file (continue execution)

12/8/2008 Purdue University - CS 307 12

Future Work

• Requirements not met:– Scheduler System

• Heartbeat– Email message system

• Not configured to specific MITRE system– Logging System

• Additional Features– Graphical User Interface– Streamlined Installation Configuration– Multiple Databases

12/8/2008 Purdue University - CS 307 13

Future Work, cont.

• Pitfalls of Open Source Solutions:– Infancy– Configuration required• No Out of Box functionality

12/8/2008 Purdue University - CS 307 14

Demo Plan

• Show Test Environment (MySQL)• Test individual parts• Execute – Transfer– Rule

• Execute system– Execute All

12/8/2008 Purdue University - CS 307 15

Questions?

Thank you for your time!

12/8/2008 Purdue University - CS 307 16

Special Thanks to Corporate Partner Dan Aiello, MITRE

12/8/2008 Purdue University - CS 307 17

12/8/2008 Purdue University - CS 307 18

12/8/2008 Purdue University - CS 307 19

12/8/2008 Purdue University - CS 307 20