GUI/Flow help for creating the easiest-to-use central management for CPF

On behalf of everyone at Comodo we wish your daughter all the best and a speedy recovery.

Melih

As you can tell, I’m interested in a system that doesn’t shift roles every time there is a reboot, and as often as possible keeps things centralized.

I think the first thing we need to nail down is who the target audience is.

  • If it’s the average user, there is most likely only one PC in the house, and CMC loses its value.
  • The number of “IT savvy” SOHO users will outnumber the average users with over 1 or 2 PCs, and will want a “central solution”
  • corporate audiences will be looking for something entirely different; something integrated with or more likely replacing ISA Server :wink:

… and then again, I could be wrong.

Manually promoting a subordinate could be… the subordinate’s 1 hour timer runs out since the master was last seen and throws an election for a new master… i.e. “manual promotion” could be clicking a Yes button.

IMHO, let’s not forget the fact that CAVS and CPF have autoupdaters… how much value does CMC bring, unless I am technically savvy enough to make the decision to turn off the auto-updates, in favour of pushing out the updates manually (via CMC), so that I can control the environment? This isn’t Joe user, this is a network admin acting in the same way as when they control service packs to ensure the corporate IT software solutions still run before rolling out system wide changes.

I’m coming full circle… The application I want for my home LAN is the distribution and syncing of rules; and let the autoupdater do its job.

Below is the post that suggested scrapping CMC in favour of making CPF able to manage Network Rule distribution.

Hey Dan,

You’ve raised a good point there. If an update requires a reboot of the current master, the master should send a flag to all other PCs on the LAN to suspend arbitration until it has rebooted and reinitialised. Thanks for that.

I think the first thing we need to nail down is who the target audience is.
  • If it’s the average user, there is most likely only one PC in the house, and CMC loses its value.
  • The number of “IT savvy” SOHO users will outnumber the average users with over 1 or 2 PCs, and will want a “central solution”
  • corporate audiences will be looking for something entirely different; most likely integrated with Active Directory, Kerberos, LDAP, etc…
  1. Agreed, single PC environments are already as central as it is possible to get. :wink:
  2. See below
  3. I hadn’t really thought of CMC in a corporate environment, primarily for the reasons you stated.

On to point 2 - home usage in a multi PC environment.

I can only speak from my own experiences and from published stats here in Australia, but the number of homes with one or more PCs in the three Eastern Australian states is over 65%, and of these, 55% have two or more PCs. From my own experience, the term “IT aware” would be more appropriate than “IT savvy”, when applied to the owners of these multi PC households.

The intelligence that is being built into routers, NICs etc. is making it almost too easy to make things work together, and once they are working, most people just don’t care HOW they are working, just whether they ARE. They don’t want to have to monitor, fine tune, optimize, tweak or fiddle - that’s the job of an IT guy - they just want to be able to use the internet and their PC.

I may be underestimating the knowledge levels of your average household, but I don’t think so (maybe Aussies are just dumber than Canucks ;)). I wanted to make a product that had the intelligence that the average householder lacked - i.e. - are we all current - are we all consistent - are we all activated - are we all protected? You and I may make the consistency and security of our apps a priority, but how many times have you come across someone who has an antivirus but hasn’t updated it or renewed the subscriptions for a couple of weeks, months, years, and yet thinks they are protected?

The whole idea of the decentralised master was to totally eliminate any dependence on any one PC, allowing for the totally ad-hoc nature of most home networks.

Manually promoting a subordinate could be… the subordinate’s 1 hour timer runs out since the master was last seen and throws an election for a new master… i.e. “manual promotion” could be clicking a Yes button.

I’m coming full circle… The application I want for my home LAN is the distribution and syncing of rules; and let the autoupdater do its job.

OK, why even bother to have to rely on a human to click a button, if all the PC is going to do is arbitrate as to who the next master is? What happens if there’s no human around? Does it just sit there ad infinitum waiting for a human to show up? What if the YES button is on a PC that the next available human isn’t using? Sorry, but I just don’t get the reliance on human intervention.

If you’re happy with the distribution and synching of rules, why not extend this to updates for applications? I don’t see the difference. It’s just a set of application specific data, just for a different but related purpose.

Dan, please understand I’m not just shooting your ideas down. I’m trying to understand where you’re coming from with a reliance on a single server-type PC. I just can’t reconcile this corporate, control driven approach when applied to a dynamic, peer to peer home network. I don’t want my home to run like my work (then again, I didn’t want my work to run like a three ring circus, but here we are… :D)

I’d say that these people aren’t looking for CMC as an update distribution system. All they will care is that the Autoupdaters for the application(s) & definitions work. I’m not saying CMC will not work as discussed, it will function just like a grenade will successfully mash a potato… it’s overkill. The autoupdater distribution system is fully functional and already implemented; Joe user is appeased that each of his/her PCs is running with the latest release versions & definitions.

I firmly believe that what is (or should be) being discussed here is for the propeller-heads and the propeller-heads in training. It’s the only audience I can see using it. So let’s call a spade a spade, and design something for the intended audience.

(V)

Loved the grenade line! :smiley:

Ryan gave a good reason why CMC would work as an update mechanism - he is on satellite and has a download cap before his speed is throttled. With CMC, only one “group” download occurs. Without, each PC has to do its own, increasing total internet download.

“I’d say that these people aren’t looking for CMC as a update distribution system.”
“These people”, unfortunately, aren’t looking for/at anything, as they don’t know/appreciate what they are looking at. “These people” wouldn’t know if their kids had disabled the firewall because it stops them from ripping off movies and songs quickly enough. “These people” don’t know or appreciate how quickly security software needs updating. “These people” generally know a tenth of what their kids do about PCs and the internet and its inherent risks. “These people” don’t really know enough to not read dud emails and wouldn’t know if they got zombied if they did.

“These people”, I believe, are the intended audience.

The propeller-heads already know, or should already know, what needs to be done. CMC, in this instance, is a tool of convenience.

“These people” have no idea what to do, and CMC is a tool of necessity, bought about by ignorance.

Is there any reason CMC couldn’t operate in either manner, to satisfy both groups? Do you think this would over complicate things?

Thanks again.
Ewen :slight_smile:

Ok, bandwidth caps is a very valid reason for an update distribution system.

How is CMC going to protect Joe User from their kids in a foolproof manner? Will CMC be non-stoppable and uninstallable? Will the configuration screens of CMC be locked, password protected? What protects the parent from their kid watching them key in their password, changing it on them, and effectively locking the parent out?

Food for thought… Parental control of an application could be part of the app, set at install time and need to be enforced by CLP and the application’s exe so that a child cannot shut anything down or get access to a config page without the password.

If you build it, they will come. I hope they do.

I’ll agree that I am looking for a tool of convenience. In the end, the convenience I am looking for may be best dealt with within the applications (like my CPF example of Rule Distribution). Either that, or I would want the ability to turn off 90% of what the finished CMC does.

I’m in favor of not bloating any application, including CMC, so I’d rather see…

  • renaming the CMC project to CUBS [Comodo Update Bandwidth Saver]
  • moving parent protection/assurance into the Behavior Blocker or a new Parent Control tool… or focus it as I suggested earlier within the application(s) and CLP
  • Starting a new thread for CPF NM Rules propagation/distribution

Melih suggested very early on that authentication should be considered in passing and receiving information. What do Comodo excel at? Authentication services and certificates. I suggested that Comodo could build a form of the personal email certificate that is issued and installed to authenticate (to prevent MITM attacks) transfer of data. I thought this side of things was best left to them, so I didn’t mention it. My apologies for that.

What protects the parent from their kid watching them key in their password, changing it on them, and effectively locking the parent out?

If the kid is spying on the parents, then he’s the kind of kid whose parents would probably need this! :wink: Separate to CMC, this is where CRBWS (Comodo Really Big Whacking Stick) would come in.

I don’t know how you stop this, other than using an ounce of sense.

Blind them, perhaps? :wink:

CMC would have to be, at a minimum, password protected for login and propagation, with the possibility of a private key to be reinstalled from a remote media. But is this making it too much for Mr. Average?

Food for thought… Parental control of an application could be part of the app, set at install time and need to be enforced by CLP and the application’s exe so that a child cannot shut anything down or get access to a config page without the password.

Ryan has already suggested this, and I think it’s a worthwhile idea. The parental control logs could be passed, along with the firewall logs, for examination in the CMC console. Yes?

I’ll agree that I am looking for a tool of convenience. In the end, the convenience I am looking for may be best dealt with within the applications (like my CPF example of Rule Distribution). Either that, or I would want the ability to turn off 90% of what the finished CMC does.

Categorically, CMC should have the ability to be tunable in what it passes back to the slaves.

I'm in favor of not bloating any application, including CMC, so I'd rather see...

But wouldn’t it be better to add FW rule distribution, AV scan schedules, backup schedules and application updates managed from a central console, rather than add distribution and propagation functions to multiple apps?

  • renaming the CMC project to CUBS [Comodo Update Bandwidth Saver]
  • moving parent protection/assurance into the Behavior Blocker or a new Parent Control tool… or focus it as I suggested earlier within the application(s) and CLP
  • Starting a new thread for CPF NM Rules propagation/distribution
  1. I don’t think bandwidth control would have sufficient benefit to enough users, or be sufficiently compelling to Comodo to invest the time in. I might be wrong in my thinking, though.
  2. You may be on to something there - parental control would fit under the umbrella of behaviour blocking.
  3. I think this should be referred to the guys at Comodo, before it gets spun off. I don’t know their thoughts on where this thread is heading - it’s just us users throwing things around, with Melih (probably chuckling) in the background.

Do you think we should invite Melih to appoint someone from Comodo to act in an oversight capacity on this? I really think it’s worth digging deeper into, but guidance from them on how they see this fitting into their portfolio would only help.

Cheers,
Ewen :slight_smile:

Well, we certainly need more posters to this thread… I think we are doing a good job at making our opinions known, but I doubt Comodo is going to decide what/if they build based on a handful of posters thoughts.

More than a sneaking suspicion that Comodo are watching this pretty closely, Dan. :wink:

Very wrong!

Melih

Oh? hmm… now I feel special ;D

(L)

But you are :slight_smile:

Melih

and you guys reckon I pad my postings! :smiley:

All I did was stand up and be counted :smiley:

Even if all I did was provoke some valuable thought, I’m happy.

(CNY)

umm… seeing as you are catching up to Melih’s post count like wildfire… I’d say yes ;D :smiley: :wink:

Regardless of how interesting you find this - your daughter takes priority. I hope its nothing too serious and that all goes well. Our fingers are crossed for her.
On behalf of everyone at Comodo we wish your daughter all the best and a speedy recovery.

Many Thanks to Ewen, Melih and to everyone at COMODO. It’s not a serious surgery (Tonsils and Adenoids removed) but the risks are higher because she’s only 4. Hopefully this will be the last of them. She has been through more in her 4 years than I have been my whole life.

I may be underestimating the knowledge levels of your average household, but I don’t think so (maybe Aussies are just dumber than Canucks). I wanted to make a product that had the intelligence that the average householder lacked - i.e. - are we all current - are we all consistent - are we all activated - are we all protected? You and I may make the consistency and security of our apps a priority, but how many times have you come across someone who has an antivirus but hasn’t updated it or renewed the subscriptions for a couple of weeks, months, years, and yet thinks they are protected?

IMO, You have hit the nail on the head… I have been building, upgrading and repairing computers for a while now and I see this on almost every PC that has problems. People install programs and have no idea what they do or how they work. They will install ad-aware and think their PC is protected, never updating the definitions. They are running N*orton AV 2003 that came on their PC and haven’t received updates in years. I do not have the network background that most of you have although I am learning everyday, but I feel I have a pretty good grasp on what the average Home PC user knows and unfortunately, it isn’t much.

1. I don’t think bandwidth control would have sufficient benefit to enough users, or be sufficiently compelling to Comodo to invest the time in. I might be wrong in my thinking, though.

I agree with your assessment about bandwidth. My situation with Satellite is not typical and I don’t plan on being on it after this 15 month contract runs out. Hopefully, by that time, I will be able to get Cable or ADSL. (Crosses Fingers)

But wouldn’t it be better to add FW rule distribution, AV scan schedules, backup schedules and application updates managed from a central console, rather than add distribution and propagation functions to multiple apps?

I think this is what makes CMC so compelling, the ability to change these rules from my PC rather than making changes on each of them. Call me lazy if you will… :wink:

CMC would have to be, at a minimum, password protected for login and propogation, with the possibility of a private key to be reinstalled from a remote media. But is this making it too much for Mr. Average?

I like the idea, but I do think it is a little much for the average user. What would happen if say these children that we need to use the CRBWS (Comodo Really Big Whacking Stick… :D) on damaged or lost the media. I don’t know how many CD-R’s I’ve found in pieces laying beside my PC thanks to little hands that don’t know the meaning of “Not yours” :wink:

First off Ryan, you’ve got the support of a family up in Canada sending wishes for a fast and full recovery on your daughter’s surgery. No surgery is not serious IMHO.

… and now to task at hand.

I as well have been helping people in my community with their PCs… hardware, software, spyware, viruses, etc… Somewhat similar to your experience.

But in your experience… how many of these families (that you’ve helped) had a LAN themselves? If the answer is none (or next to none), how is CMC going to ensure that they are updated better than the current hourly CAVS definition autoupdate and CAVS/CPF application Autoupdaters?

Thanks for your encouraging words, I agree that any surgery is serious. I am trying to keep positive, otherwise I would go insane… :wink:

As for how many, if you would have asked me that question 2 years ago I would have told you next to none. However home LANs are becoming the norm here and it is starting to get to the point where I see just as many of these as single PC homes. It is so much the norm here that Verizon is giving away routers with their DSL packages.

For single PC users, I don’t think it will be much of a benefit at all but I also don’t see it being that much of a hindrance either IMO. That would not be the target market though, correct?

Fair enough. Just trying to get a picture of market penetration of average Joe Users on Home LANs… which of course would be the target market Ewen agrees with… I’m coming around to it… slowly :wink:

Hey all,

To help crystallise things, I thought we should try and work out what data is going to get passed and collected, regardless of the overall configuration of CMC.

I’ve split it into two - one section for the update side of things, the other for the config side. The master would be listening on a dedicated port, so we don’t have to be too verbose in the data that’s being passed. Each packet would need to have the sender ID (last octet of IP, or PC name??) to let the master know who sent what and what it was still waiting for.

COMODO UPDATE MODE

Master sends “master announce” across LAN
Non master PCs (NMP) send acknowledgement to master
NMPs send current program version and update levels to Master
If updates are needed, Master sends a “stop all ip except me” to all NMPs
NMPs complete current IP activity and when free, send a command to CPF to enter emergency mode. When CPF shuts down all ports except CMC control ports, NMPs send a “fill 'er up” flag to Master
Master sends appropriate updates to required NMPs.
NMPs store a copy of current updates (to allow for rollback due to unsuccessful update), install latest updates and if successful, send an “Update success” to Master
Master sends “update acknowledge” to NMPs and records new version and update levels for each NMP
NMPs receive “update acknowledge”
Master sends complete version/update table to all NMPs so everyone knows about everyone else (this may not be needed, depending upon the final config of CMC)
Do we need to send more than this? Can you guys think of any contingencies not catered for in the above? Is there any thing else they need to send back and forwards re. updates?

COMODO CONFIG MODE

User logs in with master password and the CMC on that PC (regardless of whether it’s the current update master) sends a “changes pending” flag to other PCs
Other PCs receive pending flag and store current CPF rulesets, AV config and backup schedules
Other PCs send OK flag to config master
Other PCs send current rulesets, HIGH log alerts, parental control triggers (if this is included), AV config and schedules and backup schedules to config master
Config master receives data from other PCs and builds tables for each other PC based on data sent
If config master user then makes a change to one of the core rules in its FW ruleset, config master sends a “fwrule change flag” to other PCs
Other PCs receive “fwrule change flag”, notify their local CPF install of the pending change and send “ok to send fwupdate”
Config master receives ok and sends fw rule change
Other PCs receive it and pass the rule change to CPF for integration. When CPF signals CMC complete, the other PC sends “fwupdate success” to config master
Config master records current firewall ruleset version for each PC that responds with “fwupdate success”
When user logs out of config master, config master sends current fw ruleset, av config and backup schedules to all PCs
Last stage of logging out consists of config master sending a “changes completed” flag to all other PCs to terminate the “changes pending” flag originally set.

The steps shown above in BOLD would need to be repeated for AV config and schedule changes and for backup schedule changes.

The above list allows for FW rulesets, FW alerts, AV config, AV schedules, backup schedules and parental controls to be passed. Is there any other info that needs to get shoved around?

What more can we get this to do?

This may seem like a fair bit travelling over the wire, but each of the flags and responses should only need to be one or two packets in size. How big the updates are and how much needs to be passed to update a ruleset, or an AV schedule or a backup schedule is yet to be determined and this is best left to Comodo.

Thinking caps on, guys! What data do you think needs to be passed around so CMC can manage Comodo apps across a LAN?

Regards to all,
Ewen :slight_smile:

P.S. Ryan, hope all is well with your daughter, mate
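The COMODO UPDATE MODE exchange laid out in the post above, simulated end to end as an added example; this is not Comodo’s or CMC’s code. It assumes (all constructed for the example) that the PC name is the sender ID, that every message is a dict authenticated with an HMAC under a pre-shared secret (the simplest form of the authentication the thread asked for, not the certificate scheme Comodo would actually use), that an update “installs” by changing a version string, and that an NMP created with install_ok=False fails its install so the rollback step in the list gets exercised. PC names, message types and version numbers are made up.

```python
"""Simulation of the CMC 'Comodo Update Mode' message exchange.
Added example, not Comodo code. Assumptions (all constructed): messages are
dicts authenticated with HMAC-SHA256 under a pre-shared secret, the PC name
is the sender ID, an update "installs" by changing a version string, and an
NMP created with install_ok=False fails its install so the rollback path runs."""
import hashlib
import hmac
import json

SECRET = b"constructed-shared-secret"  # assumption: provisioned at install time


def sign(msg: dict) -> dict:
    """Attach a MAC computed over the canonical JSON form of the message."""
    body = json.dumps(msg, sort_keys=True).encode()
    return {**msg, "mac": hmac.new(SECRET, body, hashlib.sha256).hexdigest()}


def verify(msg: dict) -> dict:
    """Reject any message whose MAC does not match; return it unchanged otherwise."""
    fields = {k: v for k, v in msg.items() if k != "mac"}
    body = json.dumps(fields, sort_keys=True).encode()
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(msg.get("mac", ""), expected):
        raise ValueError(f"bad MAC on message claiming to be from {msg.get('sender')}")
    return msg


class NMP:
    """A non-master PC: answers the master, blocks IP during the update, keeps a rollback copy."""

    def __init__(self, name: str, version: str, install_ok: bool = True):
        self.name, self.version, self.install_ok = name, version, install_ok
        self.backup = None        # copy of the pre-update level, kept for rollback
        self.ip_blocked = False   # CPF emergency mode: only CMC control ports open

    def handle(self, msg: dict):
        msg = verify(msg)
        kind = msg["type"]
        if kind == "master_announce":
            return sign({"sender": self.name, "type": "ack", "version": self.version})
        if kind == "stop_ip":
            self.ip_blocked = True   # current IP activity finished, CPF locked down
            return sign({"sender": self.name, "type": "fill_er_up"})
        if kind == "update":
            self.backup = self.version                       # store the current level first
            self.version = f"installing {msg['version']}"    # constructed: partially applied state
            if not self.install_ok:
                self.version = self.backup                   # roll back to the stored copy
                return sign({"sender": self.name, "type": "update_failed", "version": self.version})
            self.version = msg["version"]
            return sign({"sender": self.name, "type": "update_success", "version": self.version})
        if kind == "update_ack":
            self.ip_blocked = False  # CPF leaves emergency mode
            return None
        raise ValueError(f"unknown message type {kind!r}")


class Master:
    """The update master: announces itself, finds out-of-date NMPs, pushes the baseline."""

    def __init__(self, name: str, baseline: str):
        self.name, self.baseline, self.table = name, baseline, {}

    def send(self, nmp: NMP, **fields):
        reply = nmp.handle(sign({"sender": self.name, **fields}))
        return verify(reply) if reply is not None else None

    def run(self, nmps) -> dict:
        for n in nmps:
            ack = self.send(n, type="master_announce")
            self.table[ack["sender"]] = ack["version"]
            if ack["version"] == self.baseline:
                continue  # already at baseline, nothing to push
            if self.send(n, type="stop_ip")["type"] != "fill_er_up":
                raise RuntimeError(f"{n.name} did not enter emergency mode")
            result = self.send(n, type="update", version=self.baseline)
            self.table[result["sender"]] = result["version"]  # new level, or rolled-back level
            self.send(n, type="update_ack")
        return dict(self.table)  # the version/update table the master shares with everyone


def tampered_message_rejected() -> bool:
    """A message altered in transit (the MITM case raised in the thread) fails verification."""
    msg = sign({"sender": "PC1", "type": "update", "version": "2.3.1"})
    msg["version"] = "9.9.9"  # attacker rewrites the payload; the MAC no longer matches
    try:
        verify(msg)
        return False
    except ValueError:
        return True
```

Running `Master("PC1", "2.3.1").run([NMP("PC2", "2.3.1"), NMP("PC3", "2.3.0"), NMP("PC4", "2.3.0", install_ok=False)])` skips PC2, brings PC3 to 2.3.1 and records PC4 at its rolled-back 2.3.0, with every NMP back out of emergency mode afterwards. The sender ID question in the post is why the MAC is there: a last-octet-of-IP identifier is trivially spoofed on a LAN, so something keyed has to back it.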

Comodo Update Mode

I’d like to see the master take charge of the updates. Initially there will need to be a communication session between the master and the clients so that it can ensure everyone is on the “baseline”… but from that point on there should never be any handshaking in order for the server to know “PC4” needs an update; if the baseline has changed on the server, then all clients get the baseline updates without need to check their versions first.

All PC’s would maintain updating the server with their newly compliant status (with the master’s baseline) after the update(s) has been deployed.

If there needs to be a “compliance list” broadcast sent in order to handle a different PC assuming the role of Master, then that can occur as well.

Should there be a master side poll to ensure system-wide “compliance” when a new Master takes over (Master is lost during an update) so that the new Master can recover enforcing the baseline? I imagine that the new master would need to check its (and every other PC’s) “am I in the process of applying updates” flag before thinking it needed to resend baseline packages.

Comodo Config Mode

My suggestion here depends on what the clients are allowed to do. Will clients be able to add their own rules? or do rules only get assigned by the CMC?

Either way, I would like to see a baseline enforced here as well.

If Clients are able to make their own specific rules as well, then the baseline on the master needs to be updated with these exception rules (and remembers them) so that future broadcasts of the rules do not destroy them (depends on whether you see rules/configs being pushed out as “updates only” or “dump what you have and use what I give you”). Again, enforcing a baseline (with recorded exceptions) removes the requirement for all the handshaking, and lets the master take charge.

I need some clarification… does CMC now house the rules creation? If so, does the Rules creation get removed from the Comodo apps, or locked out if CMC is in use? If I am making a specific rule change for PC4, am I making it in its CMC (running in client mode)?

At any rate, I would like to see rule propagation handled by the server pushing out the baseline to all PCs (with the exception rules to each PC that has them). And when the client updates its rules, it purges what it has and restores what it was given… baseline and updates (if applicable)… this will remove any need for the client to analyze what it was sent to see if it already has a similar rule, and skip it. I prefer the brainwash method :wink:

This same approach could be handled for each application controlled by CMC in succession… CPF, CAV, etc…
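The baseline-with-recorded-exceptions model and the purge-and-restore apply step described in the post above, which also covers the config-mode rule push from the previous post, written out as an added example; it is not CMC’s or Comodo’s code. Assumptions, all constructed: a rule is a tuple (action, proto, remote, port) with every field a string; the master keeps one baseline plus a per-PC exception list; a client applies a push by discarding its rules and loading exactly the package it was given; and each client answers with a SHA-256 digest of its ruleset, so the master can confirm compliance without the per-rule handshaking the post wants to avoid. PC names and rules are made up.

```python
"""Baseline-plus-exceptions firewall rule propagation.
Added example, not CMC code. Assumptions (constructed): a rule is a tuple of
strings (action, proto, remote, port); the master holds one baseline list and
a per-PC list of recorded exceptions; a client that receives a package throws
away its current rules and loads the package as-is, then reports a digest."""
import hashlib
import json


def digest(rules) -> str:
    """Order-independent fingerprint of a ruleset, used for compliance checks."""
    canon = sorted(json.dumps(list(r)) for r in rules)
    return hashlib.sha256("\n".join(canon).encode()).hexdigest()


class ConfigMaster:
    def __init__(self, baseline):
        self.baseline = list(baseline)
        self.exceptions = {}   # pc name -> rules that PC made locally and must survive a push
        self.reported = {}     # pc name -> last digest the PC reported

    def record_exception(self, pc: str, rule: tuple) -> None:
        """Remember a client-made rule so future broadcasts do not destroy it."""
        rules = self.exceptions.setdefault(pc, [])
        if rule not in rules:
            rules.append(rule)

    def package_for(self, pc: str) -> list:
        return self.baseline + self.exceptions.get(pc, [])

    def compliance(self) -> dict:
        """True for each PC whose last report matches what the master expects it to hold."""
        return {pc: d == digest(self.package_for(pc)) for pc, d in self.reported.items()}

    def push(self, clients) -> dict:
        """Send every client its package (no version handshake first) and collect reports."""
        for c in clients:
            self.reported[c.name] = c.apply(self.package_for(c.name))
        return self.compliance()

    def check(self, clients) -> dict:
        """Master-side poll: re-read each client's digest, e.g. after a new master takes over."""
        for c in clients:
            self.reported[c.name] = c.report()
        return self.compliance()


class Client:
    def __init__(self, name: str, rules=()):
        self.name, self.rules = name, list(rules)

    def apply(self, package) -> str:
        """The 'brainwash' step: purge local rules, restore exactly what was given."""
        self.rules = list(package)
        return self.report()

    def report(self) -> str:
        return digest(self.rules)

    def add_local_rule(self, rule: tuple, master: ConfigMaster) -> str:
        """A client-specific rule: applied locally and registered with the master as an exception."""
        self.rules.append(rule)
        master.record_exception(self.name, rule)
        return self.report()
```

With a baseline of two rules, a PC2 holding a stale rule that was never registered, and a PC4 that registered a remote-desktop exception, one `push` leaves PC2 with exactly the baseline and PC4 with baseline plus its exception, both reporting compliant; a rule later added on PC2 behind CMC’s back shows up as non-compliant on the next `check`, which is the poll the post suggests a new master should run.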