
About Kraken

Introduction

Kraken is an OSGi-based security platform that helps users develop well-designed, full-featured security appliances easily. Most security products share a common architecture and feature set. Take WIPS as an example. A WIPS has wireless sensors, a management server, and a console: the wireless sensors monitor RF channels, report distance (estimated from RF signal attenuation) and attacks, and perform enforcement. The management server manages policy, aggregates all events and location-related data, and tracks station locations. The console shows current wireless events, logs, devices, configuration, and policies to the administrator. Such a system therefore requires the following components:

  • RPC for easy network communication
  • Database or connector for policy and event management
  • Log archiving and query processing
  • PCAP analyzer for wireless network forensics
  • Scheduling for periodic tasks
  • MAC OUI lookup for device fingerprinting and enforcement
  • RADIUS or LDAP for centralized authentication
  • Web server for the web-based console
  • NTP for time synchronization
  • Syslog and SNMP for remote logging and centralized monitoring
  • SMTP for alert and/or notice mailing
  • and more

What about a SIEM (Security Incident and Event Management) system? It also has server agents, log servers, a management server, and a console, and it requires the following components:

  • Server agents for remote log aggregation, system status monitoring, and control
  • File integrity monitoring
  • Vulnerability scanner and network scanner
  • GeoIP for geographic location tracking
  • Log based intrusion detection
  • RPC for easy network communication
  • Log archiving and query processing
  • Scheduling for periodic tasks
  • RADIUS or LDAP for centralized authentication
  • Web server for the web-based console
  • NTP for time synchronization
  • Syslog and SNMP for remote logging and centralized monitoring
  • SMTP for alert and/or notice mailing

The same holds for enterprise firewalls, IPS, DLP, and so on. These are all well-known 3-tier (or N-tier) architectures, and many of their components can be reused when developing other solutions. The Kraken project provides these frequently used common components, built on a solid universal middleware, Kraken Core.

Why Kraken?

Kraken Core is a highly extensible and configurable service runtime. It has a built-in telnet/ssh server and an extensible shell, so you can control the server precisely and monitor details from the Kraken console. Consider a deadlock scenario. You can list the running Java threads with the thread.list command and find the waiting threads, then inspect their stacks with the thread.stacks [thread id] command. This lets you pinpoint the deadlock position immediately and fix the code. Moreover, you can monitor heap space allocation for all generations (e.g. eden, survivor, perm gen), and if you want, you can dump the whole heap with the sunperf.dumpHeap command, even on a production server. Kraken Core does not require you to reproduce the problem on a development server, so you can pinpoint and fix problems immediately.
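As an added example (not Kraken's own code), the following plain Java program reproduces the deadlock scenario above and performs the same inspection that the thread.list and thread.stacks commands provide, using the standard JVM ThreadMXBean; the thread and lock names are constructed.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadInfo;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.CountDownLatch;

// Added example, not Kraken code: builds a two-thread deadlock, then lists threads
// (like thread.list) and prints the deadlocked threads' stacks (like thread.stacks).
public class DeadlockInspect {
    private static final Object LOCK_A = new Object(); // constructed lock names
    private static final Object LOCK_B = new Object();

    // Two workers that take the locks in opposite order: a classic lock-order deadlock.
    static Thread worker(String name, Object first, Object second, CountDownLatch ready) {
        Thread t = new Thread(() -> {
            synchronized (first) {
                ready.countDown();
                try { ready.await(); } catch (InterruptedException e) { return; }
                synchronized (second) { /* never reached: the other worker holds it */ }
            }
        }, name);
        t.setDaemon(true); // lets the JVM exit once the inspection is done
        t.start();
        return t;
    }

    public static void main(String[] args) throws InterruptedException {
        CountDownLatch ready = new CountDownLatch(2);
        worker("worker-1", LOCK_A, LOCK_B, ready);
        worker("worker-2", LOCK_B, LOCK_A, ready);
        Thread.sleep(500); // give both workers time to block on their second lock

        ThreadMXBean mx = ManagementFactory.getThreadMXBean();

        // thread.list equivalent: id, name and state of every live thread
        for (ThreadInfo ti : mx.dumpAllThreads(false, false))
            System.out.printf("%d %s %s%n", ti.getThreadId(), ti.getThreadName(), ti.getThreadState());

        // The JVM can report the deadlock cycle directly instead of eyeballing WAITING/BLOCKED threads
        long[] ids = mx.findDeadlockedThreads();
        if (ids == null) { System.out.println("no deadlock detected"); return; }

        // thread.stacks <id> equivalent: full stack plus the monitor each thread is waiting for
        for (ThreadInfo ti : mx.getThreadInfo(ids, Integer.MAX_VALUE)) {
            System.out.printf("%s is %s, waiting for %s held by %s%n", ti.getThreadName(),
                ti.getThreadState(), ti.getLockName(), ti.getLockOwnerName());
            for (StackTraceElement e : ti.getStackTrace()) System.out.println("    at " + e);
        }
    }
}
```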

Furthermore, you can install or uninstall modules at runtime, adding new features or patching a module without restarting the server. Since Kraken Core provides a service-oriented architecture (SOA) on the JVM, you can easily compose modules (yours or others') dynamically at runtime. For example, you can install kraken-rpc and add your own RPC service module without rebooting the server.

Kraken Core is built on solid OSGi technology, the Apache Felix framework, and the iPOJO service component model, so you can install any OSGi bundle and use a component-based programming model. With Kraken, fast and easy development and fine-grained operation are both possible.

Getting Started

If you are an administrator, see the following pages (coming soon):

  • Kraken SIEM Package
  • Kraken NAC Package
  • Kraken CA Package

If you are a developer, see the following pages (coming soon):

  • Kraken Core Tutorial: Installation, Core programming concepts
  • Kraken WebConsole Tutorial: Long-polling-based RPC, and Widget user interface
  • Kraken ConfDB Tutorial: Version-controlled Configuration Management
  • Kraken Syslog and SNMP Tutorial: Centralized Network Management
  • Kraken LogDB Tutorial: Log archiving and Query processing
  • Kraken RPC Tutorial: Messaging between sensor and server
  • Kraken RADIUS and LDAP: Centralized Authentication
  • Kraken PCAP: Network Forensics

Committers

  • Founder
  • Committers
    •  stania@nchovy.com
      • kraken-core, kraken-snmpmon, kraken-rrd
    •  delmitz@nchovy.com
      • kraken-logdb, kraken-pcap (live mode), kraken-winapi, kraken-windows-sentry, kraken-linux-sentry, kraken-ntp, kraken-confdb (object/collection mapping), kraken-dom, kraken-mail, kraken-ftp, kraken-ldap, kraken-isc-api, kraken-ahocorasick
    •  mindori@nchovy.com
      • kraken-pcap, kraken http/ftp/msn/smtp/pop3/snmp/telnet/tftp decoders, kraken-dns, kraken-tftp
    • periphery
      • kraken-bloomfilter, kraken-cron
    • tgnice
      • kraken-dcerpc, kraken-netbios-decoder, kraken-smb-decoder

History

The Kraken project started on 6/26/2008. At that time, I wanted a pluggable and flexible security event monitoring system. After several projects, Kraken has become a general-purpose security platform.

Kraken has been used to build various security solutions:

  • AirScan, wireless security event management, 2009
  • Inspector, network data leak prevention, 2010
  • IGIMS, centralized system and network management solution for 2nd Asian Beach Games held in Muscat, Oman, 2010
  • WeGuardia SSLplus, centralized authentication and management for SSLVPN clients, 2011

See also

Kraken Core