This is like asking "What's the ideal person?" (car, aircraft, OS). Fifty people will give you fifty different answers. If I had an opportunity to choose, here are some of the features I would like to be able to have (cost no object).
:>)
Have
multiple firewalls and IDSs in one box; be able to scale enormously (up & down); platform independent; redundant systems (processor, power supply, built-in UPS, RAID5, multiple cooling fans, etc.); auto failover; remote & local alarming (email, pager, voicemail, etc.); spare ports available; interface with anything (T1, T3, ADSL, dialup, gigabit ethernet); do remote & local authentication; IDS does auto escalation; NAT; do packet analysis, content analysis (at different OSI levels), traffic analysis (inc. pattern); dynamically configurable (on the fly, no reboot); have deployable agents & spiders for the DBs. What DBs?
  rules (1000's)
  filters (1000's)
  messages (default & custom)
  objects (almost anything: users, phone #s, messages, people, machines, actions)
  actions (standard + user definable)
  viruses (1000's)
  exploits (100's)
  use patterns
  tests (extensible, user add)
  logs
  reports
  policy
  connections
  protocols (1000's)
  locations (URLs, IP addresses, hostnames, MAC addresses, etc.)
Spiders would monitor ALL & report changes since: (user configurable)
Tons of management tools, pluggable into a modular console (for ramping):
  event manager (scheduler)
  traffic manager
  filter manager
  test manager (system, exploit & penetration)
  bandwidth manager (who gets priority)
  crypto manager (with multi-plug modules: AES, DES3, Twofish, PGP, etc.)
  policy manager
  log/report manager
  realtime GUI
  system monitor
The system should be HIGHLY configurable with mucho granularity.
I probably left a lot of things out, but maybe there are some other ideas out there.
Let me know when you are ready to start on this, as I have seed money available ($15.00).
:>)
