From Interlock Rochester Wiki

Revision as of 00:46, 4 March 2011 (view source) Ben Woodruff (Talk | contribs) (→2011-03-03) ← Older edit		Latest revision as of 03:01, 3 February 2012 (view source) Antitree (Talk | contribs) (→Meeting Agenda / Minutes)
(2 intermediate revisions not shown)
Line 22:		Line 22:
	= Meeting Agenda / Minutes =		= Meeting Agenda / Minutes =
		+	== 2012-02-02 ==
		+	* reviewed notes from last meeting
		+	** wifi password - keeping it the same as last month
		+	** action items:
		+	*** FreeNAS: Incomplete - JustBill
		+	*** OSSIM: Incomplete. Plan to virtualize and implement. -Carl
		+	*** Doorduino: Incomplete. LDAP, python script, hardware implemented and tested. Testing is unreliable possibly due to hardware issue.
		+	** NYSYS: Seems reliable. There was a problem with the WAN hub that was replace by JustBill. To stop this from happening in the future, we need to setup proper grounding.
		+	* we need to change the password for members
		+	** plan to wait until member meeting
		+	** will give out JustBill's phone number for support
		+	* Meraki: Still getting $10/mo. Not planning on expanding coverage
		+	* pfSense Failure
		+	** someone was plugging in their phone to charge it into the firewall!
		+	** CDROM caused crash - remediated and stable.
		+	* Network room lock
		+	** have lock but no keys
		+	** plan to implement with a door strike and iButton
		+	* Hacker network - needs a new AP. JustBill will supply. AntiTree will implement
		+	* VPN Access - needs to be updated
		+
		+	Action Items:
		+	* Ground the server room: JustBill
		+	* Implement warzone: AntiTree
		+	* Reimplement VPN: Carl
		+	== 2011-04-07 ==
		+	* Begin planning of possible isolation of project network from production environment.
		+	** Agreed to split project network into two networks: the project network as it exists now will become the "development" network, and a new "project" network will be created by Chris that more closely resembled the warzone (without the open warfare)
		+	* LDAP update - you know who you are.
		+	** Progress has been made, no ETA yet
		+	* ESX updates - will be going over more technical description of what available.
		+	** Bill gave us a brief intro to what he has been working on with our VMWare environment. Will be having a class for people who wish to admin the setup within the next few months
	== 2011-03-03 ==		== 2011-03-03 ==
	* LDAP		* LDAP
Line 30:		Line 62:
	** Wishlist		** Wishlist
	*** Will review hardware		*** Will review hardware
		+	**** Looks good but add PCI-Express Intel NIC (est. $60) and consider hard drive choice
	** Next big project expense after SDR?		** Next big project expense after SDR?
	*** Possibly but bring to the whole group		*** Possibly but bring to the whole group

---

Latest revision as of 03:01, 3 February 2012

Contents 1 Network Infrastructure Group 1.1 Current Projects 1.2 Proposed Projects 2 Meeting Agenda / Minutes 2.1 2012-02-02 2.2 2011-04-07 2.3 2011-03-03 2.4 2010-12-02

Network Infrastructure Group

The network infrastructure group is a project group that is responsible for designing and implementing networks for Interlock, as well as keeping the Infrastructure#Network wiki page updated, and creating and maintaining the network acceptable use policy.

Current Projects

(projects approved by the group)

• LDAP services

Proposed Projects

• ChaosVPN
• Define network infrastructure group
• Labeling network jacks
• Documentation
  • Network
  • Services
  • Diagrams (Physical, logical)
  • Password
  • Inventory
• Phone System
• IDS/IPS
• A/V Link

Meeting Agenda / Minutes

2012-02-02

• reviewed notes from last meeting
  • wifi password - keeping it the same as last month
  • action items:
    • FreeNAS: Incomplete - JustBill
    • OSSIM: Incomplete. Plan to virtualize and implement. -Carl
    • Doorduino: Incomplete. LDAP, python script, hardware implemented and tested. Testing is unreliable possibly due to hardware issue.
  • NYSYS: Seems reliable. There was a problem with the WAN hub that was replace by JustBill. To stop this from happening in the future, we need to setup proper grounding.
• we need to change the password for members
  • plan to wait until member meeting
  • will give out JustBill's phone number for support
• Meraki: Still getting $10/mo. Not planning on expanding coverage
• pfSense Failure
  • someone was plugging in their phone to charge it into the firewall!
  • CDROM caused crash - remediated and stable.
• Network room lock
  • have lock but no keys
  • plan to implement with a door strike and iButton
• Hacker network - needs a new AP. JustBill will supply. AntiTree will implement
• VPN Access - needs to be updated

Action Items:

• Ground the server room: JustBill
• Implement warzone: AntiTree
• Reimplement VPN: Carl

2011-04-07

• Begin planning of possible isolation of project network from production environment.
  • Agreed to split project network into two networks: the project network as it exists now will become the "development" network, and a new "project" network will be created by Chris that more closely resembled the warzone (without the open warfare)
• LDAP update - you know who you are.
  • Progress has been made, no ETA yet
• ESX updates - will be going over more technical description of what available.
  • Bill gave us a brief intro to what he has been working on with our VMWare environment. Will be having a class for people who wish to admin the setup within the next few months

2011-03-03

• LDAP
  • John is going to take over the task
  • We gave him feedback on properties that would be needed
  • Web interface - need volunteer to design
• Status of our ESX ecosystem
  • Wishlist
    • Will review hardware
      • Looks good but add PCI-Express Intel NIC (est. $60) and consider hard drive choice
  • Next big project expense after SDR?
    • Possibly but bring to the whole group
  • Need a volunteer to be another admin on the ESX boxes, currently Bill is only admin - GOOD TRAINING!
• Routing and switching
  • Would like someone to review our setup and make recommendations (looking for volunteers)
    • No immediate volunteers but suggestion to setup some monitoring tools (see below)
• Services
  • Am building a bind, dhcpd, and other services environment, if anyone would like to help I could use them
    • Carl and John will take a look as well
  • Goals: get services off pfSense, have failover, generally be robust
• Monitoring
  • Discussion on tools and implementation
    • MRTG, snort, OSSIM, etc
• Open forum
  • Change MAC address on Doorduino
    • There is a private space to pick from (John will pick one)
  • Meraki
    • Move to 3rd floor or roof
    • Talk to Larry (Ben)
    • Possibly deploy more
    • Consider renewing the license (donations coming from it should cover it)

2010-12-02

• phone update
  • successfull established a trunk to HackPGH
  • need to open up more ports
  • we will pick up a pay phone in March
  • need to get a POTS card
  • Q: can we proxy SIP? A: Sure but haven't found a free one
  • Q: should we set up an XX-NNNN where everyone has the same XX or should XX be changed based on the hackerspace you're calling? A: ...
• chaosVPN
  • Q:where to implement ChaosVPN A: Warzone goes on pfsense, openctf subnet routed to warzone
• labeling
  • start but we got distracted
• ldap
  • Joe will be doing the LDAP server
• documentation
  • could be dependant on ldap server
• pfsense infrastructure
  •  ?Need Intel pro card
• documentation
  • need policies, procedures, and statement of what needs to be documented
  • put stuff on wiki
• AV link
  • haven't seen Drew in a while
  • not sure of the status
• Meraki Service Policy
  • Q: How do we handle support? A: we don't support it
  • Q: How is money handled? A: Steve gets money and he donates it
  • Bill will donate his access point to the cause
• repo mirror
  • yep but internal only. Details to be decided by interested parties
• monthly password
  • password is going to be changed after the first friday