Network Infrastructure Group

From Interlock Rochester Wiki

The network infrastructure group is a project group that is responsible for designing and implementing networks for Interlock, as well as keeping the Infrastructure#Network wiki page updated, and creating and maintaining the network acceptable use policy.

Current Projects

(projects approved by the group)

  • LDAP services

Proposed Projects

  • ChaosVPN
  • Define network infrastructure group
  • Labeling network jacks
  • Documentation
    • Network
    • Services
    • Diagrams (Physical, logical)
    • Password
    • Inventory
  • Phone System
  • IDS/IPS
  • A/V Link

Meeting Agenda / Minutes

2012-02-02

  • reviewed notes from last meeting
    • wifi password - keeping it the same as last month
    • action items:
      • FreeNAS: Incomplete - JustBill
      • OSSIM: Incomplete. Plan to virtualize and implement. -Carl
      • Doorduino: Incomplete. LDAP, python script, hardware implemented and tested. Testing is unreliable possibly due to hardware issue.
    • NYSYS: Seems reliable. There was a problem with the WAN hub that was replaced by JustBill. To stop this from happening in the future, we need to set up proper grounding.
  • we need to change the password for members
    • plan to wait until member meeting
    • will give out JustBill's phone number for support
  • Meraki: Still getting $10/mo. Not planning on expanding coverage
  • pfSense Failure
    • someone was plugging in their phone to charge it into the firewall!
    • CDROM caused crash - remediated and stable.
  • Network room lock
    • have lock but no keys
    • plan to implement with a door strike and iButton
  • Hacker network - needs a new AP. JustBill will supply. AntiTree will implement
  • VPN Access - needs to be updated

Action Items:

  • Ground the server room: JustBill
  • Implement warzone: AntiTree
  • Reimplement VPN: Carl

2011-04-07

  • Begin planning of possible isolation of project network from production environment.
    • Agreed to split project network into two networks: the project network as it exists now will become the "development" network, and a new "project" network will be created by Chris that more closely resembles the warzone (without the open warfare)
  • LDAP update - you know who you are.
    • Progress has been made, no ETA yet
  • ESX updates - will be going over more technical description of what is available.
    • Bill gave us a brief intro to what he has been working on with our VMware environment. Will be having a class for people who wish to admin the setup within the next few months

2011-03-03

  • LDAP
    • John is going to take over the task
    • We gave him feedback on properties that would be needed
    • Web interface - need volunteer to design
  • Status of our ESX ecosystem
    • Wishlist
      • Will review hardware
        • Looks good but add PCI-Express Intel NIC (est. $60) and consider hard drive choice
    • Next big project expense after SDR?
      • Possibly but bring to the whole group
    • Need a volunteer to be another admin on the ESX boxes, currently Bill is only admin - GOOD TRAINING!
  • Routing and switching
    • Would like someone to review our setup and make recommendations (looking for volunteers)
      • No immediate volunteers but suggestion to set up some monitoring tools (see below)
  • Services
    • Am building a bind, dhcpd, and other services environment, if anyone would like to help I could use them
      • Carl and John will take a look as well
    • Goals: get services off pfSense, have failover, generally be robust
  • Monitoring
    • Discussion on tools and implementation
      • MRTG, snort, OSSIM, etc
  • Open forum
    • Change MAC address on Doorduino
      • There is a private space to pick from (John will pick one)
    • Meraki
      • Move to 3rd floor or roof
      • Talk to Larry (Ben)
      • Possibly deploy more
      • Consider renewing the license (donations coming from it should cover it)

2010-12-02

  • phone update
    • successfully established a trunk to HackPGH
    • need to open up more ports
    • we will pick up a pay phone in March
    • need to get a POTS card
    • Q: can we proxy SIP? A: Sure but haven't found a free one
    • Q: should we set up an XX-NNNN where everyone has the same XX or should XX be changed based on the hackerspace you're calling? A: ...
  • chaosVPN
    • Q: where to implement ChaosVPN? A: Warzone goes on pfsense, openctf subnet routed to warzone
  • labeling
    • start but we got distracted
  • ldap
    • Joe will be doing the LDAP server
  • documentation
    • could be dependent on ldap server
  • pfsense infrastructure
    •  ?Need Intel pro card
  • documentation
    • need policies, procedures, and statement of what needs to be documented
    • put stuff on wiki
  • AV link
    • haven't seen Drew in a while
    • not sure of the status
  • Meraki Service Policy
    • Q: How do we handle support? A: we don't support it
    • Q: How is money handled? A: Steve gets money and he donates it
    • Bill will donate his access point to the cause
  • repo mirror
    • yep but internal only. Details to be decided by interested parties
  • monthly password
    • password is going to be changed after the first Friday