Rwanda GovNet
Xuan Pan
Nkusi Issa
Claude Hakizimana
Joakim Slettengren
Innocent Nkurunziza
Team 2 - [email protected]

Agenda
• Project background
• Goals
• Implementation phase
• Video
• Conclusions
• Future recommendations
• Questions

Project background
• A new fiber optic network was installed for government departments in Kigali, Rwanda
• Faced network instability due to viruses, DoS etc.
• Difficult to detect or prevent the user causing problems
• Difficult to monitor who was using the network resources
• Lack of network policies

GovNet pilot project requirements
• Pilot project for selected nodes of the network
• Establish basic network security
• Bandwidth monitoring, network management
• Create network policies
• Easy to use and cheap, open source

Principal
• First principal, RITA, Rwanda Information and Technology Authority
• The GovNet team got a new principal in March, Ministry of Infrastructure
• Changes of the goals
• Focus mainly on Ministry of Infrastructure and its PSOs (RITA)

Goals 1/2
• Replace Linux routers with network equipment
• Increase connectivity between government departments
• Develop an AUP
• Present a network security solution
• Present a network management solution

Goals 2/2
• Demonstrate VoIP in at least two sites
• Conduct a training session to ensure the sustainability of the solutions

Equipment procurement
• Uncertain funding delayed the equipment procurement
• Quotations were collected
• New funding agency, new procurement rules
• New tender opening date, June 1st 2006

Temporary solution
• Desktop computers
• Borrowed network equipment from other not yet implemented ICT projects

GovNet topology
• Separate VLAN in the fiber backbone
• Using one centralized gateway
• Removed NATs at the nodes
[Figure: GovNet topology diagram. Labels: Terracom, Internet, GovNet Gateway, RITA, MININFRA, New institution. Legend: Fibre cable, VSAT link.]

Security Solution for GovNet
1. Cost-efficient
2. Centralized
3. Scalable
and decentralized

Methodology
• Risk analysis
• Acceptable User Policy
• System Weakness analysis - Nessus
• Intrusion Detection System
• 802.1x + RADIUS EAP-TLS
[Figure: risk and control diagram. Labels: Attack, Impact, Create, Exploited, Result in, Reduce, Decrease, Discover, Protect, Deterrent Control, Detective Control, Preventative Control, Trigger, Corrective Control, Vulnerability, Threat, ???]

AUP and Update service
• Microsoft Windows Server Update Services (WSUS)
• Acceptable User Policy
• Best Practices

Nessus
• Each ministry has one scanner
• To use free plug-ins
• To use selected plug-ins when scanning

Authentication Challenge one: decentralization
[Figure: authentication deployment diagram. Labels: Certification Authority and Authentication Server, Ministry A 10.10.10.1, Ministry B 10.10.10.2, ISP, Terracom, Client side certificate, Certificate of CA, Server side certificate.]

Authentication Challenge two: Alcatel Switch issue
[Figure: timeline diagram. Labels: Procurement Contract, Supplier, Configuration Guide, Trial version, Update, Pre-study Phase, Implementation Phase, Currently, Future.]

Intrusion Detection System
[Figure: IDS architecture diagram. Labels: Ministry A 10.0.5.2, Ministry B 10.0.5.2, ISP, Sensor, SQL, Snort Center, ACID.]

Intrusion Protection System -- Modules
1. Configuration File
2. Debug mode or Daemon
3. Ignore list
4. System information detection module
5. Database communication module
6. Action module
7. Log module

Intrusion Protection System -- Function Diagram

Training session
Basics of network security such as security planning, policies and mechanisms
1. Network monitoring with Nagios
2. Network vulnerability scan with Nessus
1. AAA
2. Intrusion detection system with Snort
3. Intrusion protection program
Network management and bandwidth monitoring with NTOP

Network management 1/3
• Installed and configured Nagios host and service monitor
• Sends e-mail notifications
• Will be extended with SMS notifications

Network management 2/3
• Installed MRTG
• Monitors the external bandwidth
• Monitors throughput at each node
• Will monitor the equipment of the ISP

Network management 3/3
• Installed NTOP
• Monitors user bandwidth usage
• Can find viral activity
• Can find file sharing users

VoIP demonstration
• Installed the SIP server SER
• Used software clients
• Tested between users at Mininfra and RITA
• Can be extended with hardware phones

Conclusions
• Despite the delayed equipment, the GovNet team were able to partly fulfill all goals
• The equipment will most probably arrive in Rwanda in mid-June
• The three Rwandan team members will then install the solutions and return the borrowed equipment

Future Recommendations
• Ways of optimizing ICT investments, better planning
• Better documentation
• Centralized web caching
• More spare equipment
• GovNet intranet

Thanks for listening
Rwanda GovNet [email protected]