GUI/Flow Help for creating easiest to use Central management for CPF

Panic, here ya go…got the message…and upon mongod’s request, I will be looking at this at a smaller level so I will be posting a new view on this. Thanks, panic, mongod, will repost here with a different take in a few.

Sounds great! I do have a couple of questions though, (and assume this would be used mainly for server\network systems) since the Admin say on a server running 2003 has to typically have strict access and password\admin rights, would there be a need to log into the CMC with a password?
Some servers are not touched for a while unless broken down, would this leave the CMC to be automated or always have to be controlled manually? A good example would be our local college, typically the server only needs access when something has gone down which isn’t all too often. So would CMC have to be accessed this way since it would require a password or would it have a schedule to do automated update checks on a regular basis? I also was wondering if SILENT updates for the NMPs would be better, without anyone knowing, since a record would be kept on the master of successfully distributed updates. From my experience, a lockout of user control of updates or changing settings would be a good thing, lol. The updates could be sent back silently as stated and not interfere with the NMPs’ screen. There would be no need for any passwords for the CMC on the NMP since users would not have access to it. It seems this is a larger scale idea, not typically for home use and parental controls may not be needed. This is just a current opinion and questions, so please don’t be offended.

Thanks, Paul

Just for others’ info, this was a PM posted here by request. Thanks.

Ok, so looking at this from a home network\small network view, how would the MASTER be in fact the MASTER? On smaller networks, workgroups, unless running a server, there really is no centralized management and each user configures their own computers. At any time, one could lock out anyone else. So in fact, even if this acted as a MASTER software, it would need server capabilities to run a master machine to in fact control the other NMPs. I would suppose one could use a PC for master but what if shut off and where would that leave the NMPs? Even if using simple control capabilities from a master machine with agreed control from other users or if they are your kids, (they have no choice, lol) what would happen if the NMPs were shut down and they would have to wait until the master pushed the updates through?

Another concern is this, parental controls wouldn't be quite effective in any case.  I would have to ask where Comodo could succeed where others have failed which is unless blocking almost anything except specified sites, will not do any good, which is ok for smaller children but for a bit of the older kids, they know how to get around most parental controls.  It's not at all doubting Comodo but "any parental software". I have tried all sorts for my kids and there were ways around all of them, easily I may add. A simple Google using the image search will bypass pretty much any control and show some astounding results.  Unless Comodo can break the chain of bad parental software I don't know if parental software included would be the best idea. 

On larger networks as I posted some concerns, questions, would these in fact be paid versions and free for home with say a scaled down model? While the idea of me making sure my computers are all safe on my home network is great, it has been so far easily accomplished and I’m not sure if I would run such a tool as I may feel it more a burden than helpful, “even though I would probably use it just because I love Comodo products” lol. Just being honest. For larger corporation networks, businesses, etc…this seems (aside from some concerns) a very good idea. I just don’t know if a small home network would benefit that greatly from this is all.

And yes, I feel terrible saying that as I love Comodo stuff but this is just a current opinion of mine. Please don’t take offense to it.
Also, if anything I wrote was mentioned just say, “hey dummy, it was in this post”. Thanks.

Paul

Thanks Paul for joining in.

Re. the great question - Who is the master? - one school of thought is that the first PC that is turned on automatically becomes the master. When the others are turned on, they become “slaves” or NMPs. The NMPs send the current master their list of apps and update levels. The master then checks for and downloads the required updates. These are then updated on itself and pushed in turn to the other PCs. If the master got turned off, the NMPs would basically have an election to see who would become the new master. And so it goes …

This updating is only one part of CMC. The other side is where you can login to CMC on any PC, make a firewall change (for example) and push that change to the NMPs. You can also read the logs of all PCs, rather than having to go to each PC on your LAN to read the logs of each PC.

Parental controls are, IMHO, in the “it’d be great, but not crucial if it did this” category. I think that this would warrant being a separate application, but if it were, CMC could read its logs centrally.

Regarding kids turning things off (they wouldn’t do that, would they?? ::)), the CMC configuration side of things would require a master password to log in with. This would be set across the LAN, as the password would be used to confirm that only a CMC master is attempting to connect with and pass data to other CMC PCs.

Melih’s current thought on this, and please bear in mind that none of this is set in stone, is to have it as a free product for X PCs on a home LAN, but charge for additional licenses for large home LANs or small business LANs.

Did you download the process flow document? If you do, after reading it, have a look at m0ng0d’s postings. He’s thinking from the larger LAN side, and he’s raised excellent points.

Let us know what you think

Ewen :slight_smile:

I got my fingers crossed for X >= 5 :wink:

Ive got mine crossed for about 15! :wink:

OK, I’m willing to compromise… the number in the middle is 10 :wink:

(V)

I was thinking something along the lines of 3 - 5. Anything more than that would entail a small business, IMHO. And I think Comodo should charge them for it, albeit a small fee. After all, isn’t Comodo supposed to earn bucks from these at the end of the day?

Yours truly,
DoomScythe

Hey all,

I’ve been thinking about the authentication required between the master and the non-master PCs. Would it be feasible if, when CMC was installed on the first PC, as part of the installation, it created an .EXE which included the digital keys needed for installation on subsequent PCs?

My thinking was that this would ensure authenticated comms between only those PCs whose installation source was a spawn of the original install on the LAN.

Melih, how much of an issue would it be to segregate the NM rules into two sections - those that are created by default and those that are created for specific applications?

One of Daniel’s points earlier raised the prospect of different PCs having different software installed and this is usually the case. If the rules could be segregated, then the default (or base rules) could only be created, modified and controlled by the config mode of CMC, but application specific rules could be created on any PC by any user. These application specific rules could also be read by CMC and pushed to other PCs if required.

cheers,
ewen :slight_smile:

shouldn’t be a problem to segregate them.

Melih

what about the idea of the initial installation of CMC building the install EXE for the other PCs on the LAN but incorporating the key pair? I thought this would make the whole process more transparent to the user.

ewen :slight_smile:

I can’t put my finger on it… but creation of a new exe… hmm… not comfortable with it yet…

Melih

OK, how about when CMC is downloaded the user downloads the install file and is separately sent a key pair for authentication. When CMC is installed on all PCs on the LAN, the user logs into CMC on one PC which forces it to be declared as the master. The key pair is installed on the master (after phoning home to verify the key pair), and the subordinates pull the “master” key pair from the master.

Better?

Rgds,
Ewen :slight_smile:

Hello everybody,

thx panic for pointing me to this thread, very interesting indeed.

First, my experience with “Joe User” or “Otto Normaluser” as we call him here, or even “DAU” (most stupid assumable user) which is an analogy to “GAU” (maximum credible accident).
All of them I helped did know how to surf, how to write a letter with Office, if they were advanced, how to burn a CD and of course, how to use emule and co, at least some of them.
Some of them had preinstalled AV or FW installed and never updated, they didn’t know how to react to Win Update messages or how to google for problems they had with viruses.
Some of them asked me what an AV or FW is. I spent hours cleaning up systems.

My favourite quote for “Joe User” is “the google is faster than the mozilla”. Yes, someone really said this to me. (It was IE with home page set to google opposed to Mozilla Suite with home page set to google.)

So my experience shows me that maybe a user knows that AVs and FWs are a ‘good thing’ :wink: but that’s almost all.

Most of the home users didn’t have a LAN or didn’t use it.

However I like the idea.

remote maintenance:
I would like to see the ability to use CMC (also) as a remote management tool. One which doesn’t rely on Win RemoteDesktop, a (Ultra)VNC-like approach would be my favourite although I heard good things about Radmin which I haven’t tested (and which is not free so I wouldn’t use it for my small affairs).

This could also be used for the suggested parental control, if you hide any traces of CMC :wink:

Deployment:
The ability to deploy without big hassle would be nice, like this:
I connect my Notebook to the customer’s computer. CMC detects installed AV and FW, offers the option to uninstall this and replace it with CPF and CAV together with my custom settings and custom set of rules and my ‘public key’. OK, the uninstall offer sounds futuristic.
If the customer wishes me to be able to do remote maintenance for his system(s), he has to enter a password, so that he can be sure I cannot log in to him if he doesn’t give the password. If he agrees and enters the correct password…check private/public key, ssh connection or something… you get the idea.
Or if in ‘parental’ mode, do silent live surveillance which could be an option to choose on deploy/install.

the draft:
just some thoughts about it…
1.) master announce
I would reverbalise “Master announce” (analog to other protocols)
A: “Who is master?” + second try, to be sure master/network is in no ‘cluttered’ state in which answer is lost/not sent
B: “Me!” or timeout

2.) updates
I wouldn’t let subordinate clients announce their update levels but let the master decide when it is idle enough (can’t find the right word now, sorry for my english) to handle updates.
a) If master is just updating itself and client announces master has to put client on hold.
b) If master is under heavy load and many clients announce update levels, this might not scale well in very large lans (just theoretical).
So why not just let master decide what to do when:
I) Master knows of clients but updates itself first.
II) when master is ready ask client A “what’s your update level?”
III) client reports 1.6.6.6
IV) master: ok, latest is 1.9.9.9, prepare for getting updates
V) drawback: master has to keep a list of which are updated
Also if master for whatever reason has to do other things first, a ‘pause update’ and ‘resume update’ might be useful.

Another idea for large LANs and heavy load master (or just to speed up things) would be a special mode for client, call it “distributor”

  1. master updates itself and client A
  2. master send “A is distributor”
  3. master can update B or do other things
  4. A updates B or C
  5. A could also announce B or C as distributor
  6. and so on
  7. distributors communicate with master to keep list up to date
  8. when all clients are updated master announces “distributors return to normal mode”

Reminds me a little bit of bittorrent :wink:

Some last thoughts about master going down/breaking down
Again, I would prefer master to do the work, that’s what it’s there for :wink:
When shutting down regularly or breaking down with CMC/network still working master could announce “master going down, new master client A” or “master error, new master client A”. By electing you save time instead of waiting for clients to recognise master is absent.
This could also be done for custom settings like master being under heavy load for more than 15 minutes etc. Think of the possibilities.

Or something like this:
CAV on master detects virus on x.exe.
master announce: “virus detected, scan for x.exe” or “do full scan” or whatever

That’s all for now but there are so many possibilities I’m getting excited (:LGH)

Regards,
Marcel

btw: does Comodo offer jobs in Germany :wink: (what about a branch office ;D)
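Marcel’s “distributor” draft above (master updates itself first, asks each client for its level, pushes to one client, announces that client as a distributor, and keeps the list of who is done until it tells everyone to return to normal mode), written out as an added Python model. This is not Comodo’s code and not part of the thread; the client names, the LATEST level and the sample update levels are constructed, and the fan-out rule (every updated client becomes a distributor and pushes to one more client per round) is one reading of steps 1 to 8 of the draft. Authentication of the pushes, raised elsewhere in the thread, is left out here.

```python
LATEST = "1.9.9.9"   # level the master has just updated itself to (taken from the draft's example)


def version_tuple(version):
    """'1.6.6.6' -> (1, 6, 6, 6) so update levels compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def needs_update(reported):
    return version_tuple(reported) < version_tuple(LATEST)


def plan_distribution(update_levels):
    """Schedule the push using the draft's "distributor" idea.

    update_levels maps each client to the level it reported when the master asked
    "what's your update level?".  Returns (rounds, updated): rounds[i] lists the
    (source, target) pushes that run in parallel in round i, and updated is the list
    the master keeps of clients that are done (the bookkeeping in step V of the draft).
    """
    # Step I: the master is already current; clients already at LATEST are left alone.
    pending = [client for client in sorted(update_levels) if needs_update(update_levels[client])]
    distributors = ["master"]
    updated = []
    rounds = []
    while pending:
        this_round = []
        for source in list(distributors):      # each distributor pushes to one client per round
            if not pending:
                break
            this_round.append((source, pending.pop(0)))
        rounds.append(this_round)
        for _, target in this_round:
            updated.append(target)             # distributors report back, so the master's list stays current
            distributors.append(target)        # master announces "target is distributor"
    # Once pending is empty the master announces "distributors return to normal mode".
    return rounds, updated


def serial_rounds(update_levels):
    """Rounds needed if only the master ever sends, one client at a time (the baseline being improved on)."""
    return sum(1 for level in update_levels.values() if needs_update(level))


# Constructed sample LAN: eight clients, seven behind and one already current.
SAMPLE_LEVELS = {
    "A": "1.6.6.6", "B": "1.6.6.6", "C": "1.7.0.0", "D": "1.8.2.1",
    "E": "1.6.6.6", "F": "1.9.0.0", "G": "1.9.9.8", "H": "1.9.9.9",
}

if __name__ == "__main__":
    rounds, updated = plan_distribution(SAMPLE_LEVELS)
    for i, pushes in enumerate(rounds, 1):
        print(f"round {i}: " + ", ".join(f"{src}->{dst}" for src, dst in pushes))
    print("distributor rounds:", len(rounds), "serial rounds:", serial_rounds(SAMPLE_LEVELS))
```

With the sample levels the serial scheme needs seven rounds and the distributor scheme three (master→A; master→B and A→C; then four pushes at once), which is the bittorrent-like effect Marcel mentions. The master’s `updated` list is what lets it answer a late “pause/resume” or a distributor’s status report without re-asking every client.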

Hiyaz folks.
(:WAV)
Interesting thread you have here and certainly something for the Home LAN market. I’m not too experienced with coding or programming, so please excuse my lack of knowledge in that area.
I’ve read through the entire thread, and I think I have the essence in what you’re trying to accomplish here. A central managed firewall and rule-set distribution software, right? (I sure hope this is it, otherwise I’m gonna look like a complete idiot when I write my comments ;))

  1. First up you’re all familiar with the problem posed by the “Average Joe” with attempting to configure and deploy rule-sets in a secure way. Today’s problem in my opinion is parents with little or no knowledge of what is actually passing through the DSL uplink from their kids’ room. The knowledge some kids have today can be varied at best, but do not underestimate their dedication. Some are really tenacious about being seen as “ubbah leet h4xx0rz” in their community, and will stop at nothing to circumvent their parents’ feeble attempt at restricting their internet-access. Which leads up to my second point.

  2. “Who’s in charge here?”
    I think M0ng0d has a valid point, and I agree with much of what he says. Decide on one master, and stick with it. Why? Because allowing the master role to successfully switch to another host can be a tricky thing to accomplish in a safe and secure manner. What kind of conditions would warrant a master-role switch? 1 reboot, 2 reboots? Offline for more than 30sec? What if the previous master came online again, will this one automatically try to reclaim the master role? Or what if the little [insert your little one’s name here] figures out a way to grab the master-role and mess with the rule-sets to allow his favourite p2p app through unhindered? Or worst case scenario; what if the 2 PC’s suddenly don’t see each other anymore and can’t poll for updates/heart-beat signals, will they both try to claim the master-role?
    I’ve seen some really badly configured cluster-configurations, where both were trying to become master at the same time. Leading to a complete outage for hours before the poor techy could figure it out and correct the situation by forcing an election manually or even shutting down the faulty firewall. As you can tell, I’m not a really big fan of having the master-role switch between more than maybe 2 firewalls under very strict conditions.

  3. “What happens if I press this red button?”
    Rule-sets should be deployed without interrupting normal operations. This includes the parent firewalls as well. Although a pop-up kinda message should appear stating that upgrades are in progress. Furthermore, the distribution and updates of this kind should be intuitive to the average user. Applying a rule to block something should be visually understandable if possible, maybe with a wizard approach to it (can you tell I’m not too familiar with programming and coding :)).

  4. “Who goes there?”
    Parental control is paramount in this setting. I’m not trying to paint a very grim picture here, but there are some really scary sh*t out there. Everything from pop-ups/unders with malicious rootkits to fake ActiveX apps with blackmail-ware hidden inside and fake Anti-Spyware software.

So… I hope I made some sense into all this, and that I stayed on topic (I tend to wander off in a haze of technical terms if unchecked). Gonna return here from time to time to see what goes on.

Firstly, thanks for jumping in.

This is one of the reasons why this is being batted around. This is hopefully going to be the replacement intelligence that the parents lack.

> 2. "Who's in charge here?" I think M0ng0d has a valid point, and I agree with much of what he says. Decide on one master, and stick with it. Why? Because allowing the master role to successfully switch to another host can be a tricky thing to accomplish in a safe and secure manner. What kind of conditions would warrant a master-role switch? 1 reboot, 2 reboots? Offline for more than 30sec? What if the previous master came online again, will this one automatically try to reclaim the master role? Or what if the little [insert your little one's name here] figures out a way to grab the master-role and mess with the rule-sets to allow his favourite p2p app through unhindered? Or worst case scenario; what if the 2 PC's suddenly don't see each other anymore and can't poll for updates/heart-beat signals, will they both try to claim the master-role? I've seen some really badly configured cluster-configurations, where both were trying to become master at the same time. Leading to a complete outage for hours before the poor techy could figure it out and correct the situation by forcing an election manually or even shutting down the faulty firewall. As you can tell, I'm not a really big fan of having the master-role switch between more than maybe 2 firewalls under very strict conditions.

Good points, but think of the target market - HOME LANs - where they, as a rule, don’t have a dedicated server. I think you may be thinking that CMC (Comodo Management Console) is part of the firewall. My thinking is that it’s a totally separate application that runs on two levels - 1) dynamic master and subordinates for collection and distribution of updates for all Comodo apps across a LAN and 2) administration console for review of logs and rules, modification of rules and virus scan schedules and co-ordination of these across the LAN. Only one PC can be a master at any one time, but any user with the CMC master password can login to the administration console on any PC currently on the network. Long story short, the collection, co-ordination and distribution of updates should be able to be done without human intervention whereas the admin console is for an administrator to login to, to monitor and refine the config of the Comodo apps across the LAN in a co-ordinated manner.

I’m pushing hard for dynamic masters because of the ad-hoc nature of home LANs. PCs pop on and off the LAN with no regularity, therefore there can be no consistent rule for who is the master. As a consequence, the master status has to be as dynamic as the LAN. If you read closely, when a PC gets turned on, it announces itself as the master. If no-one else is the master, it assumes the role. If there is already a master, the current master says “Rack off, I am” and the latest PC to arrive on the LAN becomes a subordinate to the current master. The current master not only receives and records the current update levels from all subordinates, it passes this info back to the subordinates in case they become the master next, then they are aware of the levels of all the other PCs. When the current master gets turned off, the remaining PCs arbitrate among themselves as to who will be the next master, and the cycle continues without the dependence on a server or a human.

> 3. "What happens if I press this red button?" Rule-sets should be deployed without interrupting normal operations. This includes the parent firewalls as well. Although a pop-up kinda message should appear stating that upgrades are in progress. Furthermore, the distribution and updates of this kind should be intuitive to the average user. Applying a rule to block something should be visually understandable if possible, maybe with a wizard approach to it (can you tell I'm not too familiar with programming and coding :)).

Agree, the interface for rule explanation and creation has to be made as simple as possible. It must be easier than using the PC itself, otherwise we will lose the mums and dads of the world.

> 4. "Who goes there?" Parental control is paramount in this setting. I'm not trying to paint a very grim picture here, but there is some really scary sh*t out there. Everything from pop-ups/unders with malicious rootkits to fake ActiveX apps with blackmail-ware hidden inside and fake Anti-Spyware software.

I’d love to see parental control added, but they are worthy of being a separate application, and may add too much overhead. I’d like to see the amount of data passed around kept to a minimum to reduce the overall impact on system throughput. Be great if they could cram it in though.

If you can think of any mates or whoever who could improve this in any way, please let them know about this topic and push them to it.

Thanks in advance - keep the ideas comin’

Ewen :slight_smile:
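The dynamic master scheme Ewen describes in the reply above and in his earlier post (every PC announces itself as master when it boots, the existing master says “Rack off, I am”, the master replicates everyone’s update levels so any PC can take over, and the LAN-wide master password is what lets one CMC instance trust another) as an added Python model. It is not Comodo’s code and not part of the thread. The PC names, levels and password are constructed; an HMAC-SHA256 tag keyed from the master password stands in for whatever key scheme the product would actually ship (the key pair idea discussed earlier would be the asymmetric equivalent); and the arbitration rule, newest CPF level wins with ties broken by name, is an assumption, since the thread leaves it open. It also shows the answer to the “who’s in charge” worry: an instance whose announce does not verify is ignored rather than accepted as master or subordinate.

```python
import hashlib
import hmac
import json

# One CMC master password set on every instance on the LAN (constructed value for this example).
# Hashing it straight into a key is a simplification; a product would use a KDF such as PBKDF2.
MASTER_PASSWORD = "example-cmc-master-password"
MASTER_KEY = hashlib.sha256(MASTER_PASSWORD.encode()).digest()


def version_tuple(version):
    """'2.4.18' -> (2, 4, 18) so update levels compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def sign(body, key):
    """Tag a message with HMAC-SHA256 so receivers can tell it came from an instance holding the key."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, raw, "sha256").hexdigest()}


def verify(packet, key):
    raw = json.dumps(packet["body"], sort_keys=True).encode()
    expected = hmac.new(key, raw, "sha256").hexdigest()
    return hmac.compare_digest(packet["mac"], expected)


class CmcLan:
    """The PCs currently switched on, which one is master, and the table the master replicates."""

    def __init__(self, key=MASTER_KEY):
        self.key = key
        self.online = {}      # PC name -> update levels it reported, e.g. {"CPF": "2.4.18", "CAV": "1.1.0"}
        self.master = None
        self.rejected = []    # announces that failed authentication, kept for the CMC log

    def power_on(self, name, levels, key=MASTER_KEY):
        """A PC boots and announces itself as master, as the thread describes."""
        packet = sign({"type": "master-announce", "from": name, "levels": levels}, key)
        if not verify(packet, self.key):
            # Instance configured with a different password: the LAN ignores it entirely,
            # so it can neither become master nor be sent rules or updates.
            self.rejected.append(name)
            return "rejected"
        self.online[name] = dict(levels)
        if self.master is None:
            self.master = name          # nobody answered the announce: it assumes the role
            return "master"
        return "subordinate"            # the current master replies "Rack off, I am"

    def replicated_table(self):
        """What the master sends back to every subordinate after each change."""
        return {pc: dict(levels) for pc, levels in self.online.items()}

    def power_off(self, name):
        """Remove a PC; if it was the master, the remaining PCs arbitrate a new one."""
        self.online.pop(name, None)
        if name == self.master:
            self.master = self.elect()
        return self.master

    def elect(self):
        # Arbitration rule assumed for this example (the thread leaves it open): the PC with
        # the newest CPF level wins, ties broken by name, so every PC holding the replicated
        # table computes the same winner without a server or a human being involved.
        if not self.online:
            return None
        return max(self.online, key=lambda pc: (version_tuple(self.online[pc]["CPF"]), pc))


def demo():
    """Constructed day in the life of a three-PC home LAN plus one mis-configured instance."""
    lan = CmcLan()
    results = [
        lan.power_on("dad", {"CPF": "2.4.18", "CAV": "1.1.0"}),
        lan.power_on("mum", {"CPF": "2.4.16", "CAV": "1.1.0"}),
        lan.power_on("kid", {"CPF": "2.4.18", "CAV": "1.0.9"}),
        # Wrong password on this instance: its announce does not verify and it is logged, not joined.
        lan.power_on("stray", {"CPF": "9.9.9", "CAV": "9.9.9"}, key=b"not the master key"),
    ]
    new_master = lan.power_off("dad")   # the master is switched off -> arbitration
    return results, new_master, lan.replicated_table(), lan.rejected


if __name__ == "__main__":
    print(demo())
```

Because every PC holds the same replicated table, `elect()` is a pure function of shared state and each survivor reaches the same answer; that is what lets the cycle continue without a server. The `rejected` list is the hook a defender would want: a burst of failed announces on the LAN is worth showing in the CMC log rather than silently dropping.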

This is where I went wrong. I assumed it to be an integrated part of CPF :slight_smile:
These types of management consoles do require some understanding of basic firewalling, which leads me to think that getting this through to the Home “LAN” market would mean ease of use and intuitive design. It certainly is necessary, as we have all seen. But as most homegrown networks aren’t very complex in their design, this application shouldn’t be too hard to implement. However, the thing that’s catching my immediate attention is the “failover/arbitrary master-role” function. Do you see this application in bigger environments than the “Adams Family”? If not, then I’m still reluctant to allow more than one master and here’s why:
You only need a single management console to distribute the rule-sets. Should this console go offline, the rules already in effect apply. If there are 2 or more CMC’s for rule-set distribution, you need either a central database containing the “master rule-set”, or some way to exchange the “master rule-set” to all the CMC’s.
And also if this console is down during the update sequence, the clients would default to internet updates automatically. And traffic shaping isn’t really necessary unless we’re talking about 10 or more computers sharing a simple DSL line, and there’s VoIP involved.

Hmm… It looks like I’m very pessimistic here, but I’m not. Guess I’m used to enterprise solutions :slight_smile:
(R) …and I really mean this!

Looks like I need to think some more on the subject…

In a larger environment with a dedicated server, we wouldn’t need to have the master be dynamic. This is only for smaller home LANs. That’s why the master aggregates all the subordinates’ info and then passes it along to each, so all PCs on the home LAN have all the info on all the PCs so all PCs CAN become the master if need be.

> And also if this console is down during the update sequence, the clients would default to internet updates automatically.
Naturally, there has to be a fallback.
> And traffic shaping isn't really necessary unless we're talking about 10 or more computers sharing a simple DSL line, and there's VoIP involved.

“Dad, my internet music and movie stealing goes really slowly just because you’re updating the security I don’t want!!!” Unless you actually like the sound of teen whinging, we still should try and keep the LAN chatter down to a minimum. LOL

Keep 'em coming

Ewen :slight_smile:

So a typical scenario means the CMC gets installed on mom, dad and son(s) PC. Other than a password, will there be a mechanism that prevents a forced role-change? I’m sure “mom” and/or “dad” would appreciate the control this app. gives them. I know I would :slight_smile:

How much traffic are we talking about here? In a normal LAN environment, these updates shouldn’t make any significant impact on the overall performance. Bittorrents, Limewire and similar apps rarely downstream more than 50-60KB/s and software updates perhaps 150-200KB/s on a really fast line. So the overall throughput should be in the vicinity of 250KB/s which is normal for a 2Mbit/s DSL. That’s roughly 2% of your LAN’s total throughput (not including bittorrent’s CPU/Mem hog) :slight_smile:

Yep, CMC gets installed on all PCs on the LAN and there is a single master password on all instances. When you say “role change” are you referring to the roles of master and subordinate? If so, why do we actually need to prevent or control a change? The updating and co-ordination of updates across the LAN should be able to occur without human intervention at all, in fact its potential design excludes human interaction. The only time we mere mortals need to get involved is if someone (with the master password) logs into an instance of CMC somewhere on the LAN to view logs, update status, virus schedules/scan results, review and change FW rules etc. This side of CMC (the logging in and human interaction side of it), I see as being totally separate from the update collection, collation and distribution, which just happens.

In a way it’s funny - when I first started thinking on this, I was focussed on “gotta be a server, gotta be a server”, as were most of the other contributors. When I mentioned this to my wife she said “that I was off my nut if I thought I was bringing another PC into the house, just to act as a server, and why did I need a server, anyway?” The more I thought about her reply the more I changed my thinking. Our home LAN exists quite happily now - file sharing takes place without us doing anything - likewise, printing, media streaming, video monitoring - it just works - we don’t control anything - it runs itself.

Ask yourself this question:

“Why do I feel I should have to get involved in the collection, collation and distribution of program updates? Why be part of a process that occurs better when I’m not there?”

The harder I thought on this, the more I realised it was a control thing, ingrained from enterprise LANs, but really wasn’t needed and would only complicate things on a home LAN.

Think INSIDE your box - it doesn’t have to be big and you don’t have to drive. It’s OK to be a passenger every now and then. :wink:

What do you think?

> How much traffic are we talking about here? In a normal LAN environment, these updates shouldn't make any significant impact on the overall performance. Bittorrents, Limewire and similar apps rarely downstream more than 50-60KB/s and software updates perhaps 150-200KB/s on a really fast line. So the overall throughput should be in the vicinity of 250KB/s which is normal for a 2Mbit/s DSL. That's roughly 2% of your LAN's total throughput (not including bittorrent's CPU/Mem hog) :)

The size of the updates is determined by the update level of the PCs on the LAN, but it shouldn’t be large at all. The FW updates are infrequent but a bit larger, and the AV updates are more regular but way smaller.

What are your thoughts?

Ewen :slight_smile:

P.S. It’s an interesting brain exercise, isn’t it? I started thinking large LAN style, then shifted to home LAN with the potential to upscale the app to the enterprise level. IMHO, it’s easier from a coding viewpoint to add functionality or modify existing functionality than it is to nobble or chop up an enterprise app to make it fit into a smaller LAN environment. Think small - with a view to grow big.

cheers,
e

Ok… so I sat back and started thinking on what you guys are trying to achieve instead. I came to the conclusion that I should start working with the program instead of against it. :slight_smile:
But to answer your question; Because I can and because I want to know what’s actually going on. Sometimes I like to micromanage, and sometimes I have to due to bad programming. But mostly I’d like to be able to trust an application to do what I install it to do and verify it afterwards from time to time. I don’t mean manually control every aspect, but still be able to if not just for the curiosity of it.

Moving on.
I initially thought of the application as a master/client application. This didn’t necessarily mean using a server, but a “Master-PC” if you will. The reason for this was the application resource needs for one, and the need to keep it running at all times next. As you so eloquently put it earlier, kids will do all that they can to improve their game/download experience. This includes shutting down services and programs they feel interfere with this. Especially firewall/CMC/AV apps :wink:

This leads me to a few questions. I hope you don’t mind:

  • Does the CMC install itself as a service, hidden app or a system process?
  • Can we lock it down and prevent someone without the “master password” to kill it?
  • Will it contain all the updates and what-not in a specific directory on all PC’s involved?
  • Will it flush this directory every now and then, and will it flush on all PC’s to prevent false synchronizations?
  • Why can’t you have a central parental control function that will be distributed to the other CMC’s when updated? The PC with an active Parental Control will have to filter the surfing regardless of whether you centralize it or not.
  • Will it be possible to time-schedule surfing/P2P/gaming/chat? E.g. after dinner and homework, and before bed-time? Leaving a timed window-slot for the kids to relate to. I do not want to seem too strict, but some ground rules should be educational.
  • The licensing policy for the CMC. Is it per CPU or per registered individual and can it be freely distributed internally?
  • When the role changes, eg. switches to another PC. How will we know?
  • And if we log into a PC who does not hold this master-role, can we grab it for viewing/updating purposes?
  • Will updates and such be synchronized when received, or as an event eg. hourly?

I have more , but these should cover the basics for now :slight_smile: