Design and implement a dashboard and test suite that assesses the Software Defined Perimeter (SDP) environment's compliance against the TIC 3.0 requirements.
TBD
Assessment of Trusted Internet Connection Compliance (ATICC) Dashboard
License: The Unlicense
IP Denylisting is one of the 5 basic TIC capabilities, protecting against the ingest or transiting of traffic to/from a denylisted IP address.
InSpec profiles for the following IP denylisting scenarios:
For more information, refer to the TIC 3.0 Testing Outline document.
None...
The dashboard displays false positives for the ping test in certain situations, such as when the coordinator is not running.
ATICC Users.
The ping test appears to pass when it should be failing, meaning the ping test results viewable in the dashboard are not completely reliable.
When the dashboard attempts to run a ping test but the coordinator is not running.
When the coordinator is not running, all tests should fail.
As an ATICC user, I need to be able to edit and delete existing instances of tests.
Currently we can only add tests to the Dashboard and the only way to delete them is to re-run the whole dashboard. We need to add the ability to both edit and delete existing tests to avoid this tedious workaround.
Editing will require some planning because we will need to change the UI a bit to add an "editing" section. Delete should be relatively straightforward.
NA
As an ATICC user, I need clear guidance on how to use the SDP client in order to run the test suite.
None
As an ATICC Developer, I need to know how the coordinator will execute the tests.
Along with communicating with the dashboard, the coordinator should be able to execute the tests. This entails:
Any ping test issued from the dashboard is executed twice on the coordinator. This is separate from the amount parameter in the issued ping test, e.g. a ping test with amount parameter 3 will ping three times but the ping test will run twice (so the IP will be pinged 6 times). This is unintended behavior.
If the coordinator is communicated with using something other than the dashboard, ping tests will not be duplicated. This isolates the problem to the dashboard.
ATICC Users.
This bug is causing the coordinator to fulfill twice as many ping tests with only half of those tests contributing to results viewable via the dashboard.
This bug occurs when any ping test is run from the dashboard, whether it passes or fails.
Each ping test should only be run once rather than twice.
As an ATICC user, I need to easily create each type of base test to fulfill my overall testing outline.
A user should be able to easily add and remove various base tests via the dashboard. A user will use this capability to implement their testing outline in the dashboard itself. The execution code for each test will be in the coordinator, and the response will be analyzed in the dashboard to determine whether the test passed or failed. The user will then be presented with an explanation of the result.
As an ATICC user, I want to be able to easily change values used within the InSpec profiles. This should be doable in one place. An ATICC user should not have to change the actual profiles when changing variable values.
The parameters defined in /Profile/input_file.yml should be utilized in all profiles under /Profile/
Turn the ssh user and keys into InSpec inputs. It will be easier to use them when the time comes.
As an ATICC developer, I would like our planned tests to be applicable to any implementation satisfying TIC 3.0 guidelines. Currently, the descriptions within the TIC 3.0 Testing Outline Table include details of the ATARC implementation rather than being agnostic of implementation.
All reliance on the ATARC implementation within the TIC 3.0 Testing Outline Table needs to be removed. Instead, the test descriptions should rely on TIC 3.0.
This involves being able to test for "all" cases of a certain test. For example, we use a port scan to check all of the ports, as opposed to simply pinging the ports we know may be open.
No Dependencies
Network Segmentation is one of the 5 basic TIC capabilities. It ensures the network is made up of subnetworks with boundaries between one another, restricting unauthorized traffic between them.
(User Story modeled after #26)
InSpec profiles for the following IP Network Segmentation scenarios:
For more information, refer to the TIC 3.0 Testing Outline document.
None
As an ATICC Developer, I need to define what types of tests are going to be implemented.
Looking through the testing outline, make a concise but complete list of test types that the Dashboard can initiate and the Coordinator can execute. For each test we need this information:
String
Boolean
As an ATICC User, I need to be able to check whether the dashboard is able to communicate with the coordinator using the coordinator URL.
It should be possible to check that the dashboard is able to communicate with the coordinator without running a TICC test. This way, an ATICC user can check if the coordinator is running and that their coordinator URL (in the settings tab) is accurate.
This can be done with some kind of button on either the testing page or the settings page.
N/A
Delete old dashboard/coordinator code
As an ATICC developer, I need to have a well-defined architecture of the Dashboard-driven testing suite.
The Dashboard-driven test suite's architecture is final so the implementation can commence.
It should define all of the information necessary to complete development including, but not limited to:
#3 List of Test Types
As an ATICC user, I want to be able to establish expectations for whether an individual test should pass or fail. In addition, I should be able to see how these expected results compare to actual results and see an explanation of this relationship.
#13 must be resolved first.
As an ATICC developer, I need to be able to set the explanation of pass/fail directly after running the test.
Currently (in the Action.java interface) the run() and explain() methods are separated. This means that the explanation method has to rerun the test just to analyze it and give an explanation for pass/fail. Either:
N/A
As an ATICC developer, I want to be able to send REST requests from the dashboard that are PUT, PATCH, or DELETE requests.
The sendRequest method in the RestService class should be able to send PUT, PATCH, and DELETE requests. Currently, the method only supports GET and POST requests. This functionality can be implemented by expanding the If statement, using a different conditional statement, or using a more general method in the RestTemplate library.
NA
As an ATICC Developer, I need to know how the Coordinator and Dashboard will communicate.
Create and define the REST API that will be used by the dashboard in order to:
Start the various tests.
Get the results of the tests from the point of view of clients. The Dashboard can then consult the SDP controller to further assess the results of the tests.
Here is a PDF further describing the flow in more detail.
As an ATICC Developer, I need to know what component(s) of the SDP configuration within the SDP controller is relevant for each of the planned tests.
For each test in the TIC 3.0 Testing Outline table, find which part of the SDP configuration (visible from the SDP Controller) can be used to determine if the test has passed or failed.
No dependencies.
As an ATICC developer, I need to be able to easily all the docker things:
As an ATICC developer, I need a clear way to view the errors that are being made in order to easily diagnose bugs.
As of right now, the Go code only returns error status codes, and is harder to debug. For cleanliness we should add a universal error logging system so we can always write errors to it.
none
The Dashboard refreshes and runs each test when a new one is added. Instead make a refresh button to do this.
ATICC Users.
It will make the runtime long for adding a new test (if every other test has run again)
A button should be made which has the same functionality for refreshing. The refreshing functionality should be taken out by default when adding a new test.
As an ATICC developer, I need tailored GitHub templates.
None