Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rwanda GovNet Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent Nkurunziza Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent.

Published byGriselda Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "Rwanda GovNet Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent Nkurunziza Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent."— Presentation transcript:

1 Rwanda GovNet Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent Nkurunziza Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent Nkurunziza Team 2 - csd2006-team2@csd.ssvl.kth.se

2 Rwanda GovNet2 Agenda  Project background  Goals  Implementation phase  Video  Conclusions  Future recommendations  Questions  Project background  Goals  Implementation phase  Video  Conclusions  Future recommendations  Questions

3 Rwanda GovNet3 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

4 Rwanda GovNet4 Project background  A new fiber optic network was installed for government departments in Kigali, Rwanda  Faced network instability due to viruses, DoS etc.  Difficult to detect or prevent the user causing problems  Difficult to monitor who was using the network resources  Lack of network policies  A new fiber optic network was installed for government departments in Kigali, Rwanda  Faced network instability due to viruses, DoS etc.  Difficult to detect or prevent the user causing problems  Difficult to monitor who was using the network resources  Lack of network policies

5 Rwanda GovNet5 GovNet pilot project requirements  Pilot project for selected nodes of the network  Establish basic network security  Bandwidth monitoring, network management  Create network policies  Easy to use and cheap, open source  Pilot project for selected nodes of the network  Establish basic network security  Bandwidth monitoring, network management  Create network policies  Easy to use and cheap, open source

6 Rwanda GovNet6 Principal  First principal, RITA, Rwanda Information and Technology Authority  The GovNet team got a new principal in March, Ministry of Infrastructure  Changes of the goals  Focus mainly on Ministry of Infrastructure and its PSOs (RITA)  First principal, RITA, Rwanda Information and Technology Authority  The GovNet team got a new principal in March, Ministry of Infrastructure  Changes of the goals  Focus mainly on Ministry of Infrastructure and its PSOs (RITA)

7 Rwanda GovNet7 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

8 Rwanda GovNet8 Goals 1 /2  Replace Linux routers with network equipment  Increase connectivity between government departments  Develop an AUP  Present a network security solution  Present a network management solution  Replace Linux routers with network equipment  Increase connectivity between government departments  Develop an AUP  Present a network security solution  Present a network management solution

9 Rwanda GovNet9 Goals 2/2  Demonstrate VoIP in at least two sites  Conduct a training session to ensure the sustainability of the solutions  Demonstrate VoIP in at least two sites  Conduct a training session to ensure the sustainability of the solutions

10 Rwanda GovNet10 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

11 Rwanda GovNet11 Equipment procurement  Uncertain funding delayed the equipment procurement  Quotations were collected  New funding agency  new procurement rules  New tender opening date, June 1 st 2006  Uncertain funding delayed the equipment procurement  Quotations were collected  New funding agency  new procurement rules  New tender opening date, June 1 st 2006

12 Rwanda GovNet12 Temporary solution  Desktop computers  Borrowed network equipment from other not yet implemented ICT projects  Desktop computers  Borrowed network equipment from other not yet implemented ICT projects

13 Rwanda GovNet13 GovNet topology  Separate VLAN in the fiber backbone  Using one centralized gateway  Removed NATs at the nodes  Separate VLAN in the fiber backbone  Using one centralized gateway  Removed NATs at the nodes

14 Rwanda GovNet14 Security Solution for GovNet 1. Cost-efficient 2. Centralized 3. Scalable 1. Cost-efficient 2. Centralized 3. Scalable and decentralized

15 Rwanda GovNet15 Methodology Risk analysis Acceptable User Policy System Weakness analysis-Nessus IntrusionDetection System 802.1x+Radius EAP-TLS Attack Impact Create Exploited Result in Reduce Decrease Discover Protect Deterrent Control Detective Control Preventative Control Trigger Corrective Control Vulnerability Threat ???

16 Rwanda GovNet16 AUP and Update service Microsoft Windows Server Update Services (WSUS) Microsoft Windows Server Update Services (WSUS) Acceptable User Policy Best Practices

17 Rwanda GovNet17 Nessus Each ministry has one scanner To use free plug-ins To use selected plug-ins when scanning To use selected plug-ins when scanning

18 Rwanda GovNet18 Certification Authority And Authentication Server Authentication Challenge one decentralization … … Ministry A 10.10.10.1 … Ministry B 10.10.10.2 ISP x x Terracom Certification Authority And Authentication Server Client side certificate Certificate of CA Server side certificate Certification Authority And Authentication Server

19 Rwanda GovNet19 Authentication Challenge two Alcatel Switch issue Procurement Contract Supplier Configuration Guide Trail version Update Pre-study Phase Implementation Phase Currently Future

20 Rwanda GovNet20 Intrusion Detection System … Ministry A 10.0.5.2 Sensor SQL … Ministry B 10.0.5.2 Sensor SQL … Snort Center ACID ISP Sensor SQL

21 Rwanda GovNet21 Intrusion Protection System -- Modules 1.Configuration File 2.Debug mode or Daemon 3.Ignore list 4.System information detection module 5.Database communication module 6.Action module 7.Log module

22 Rwanda GovNet22 Intrusion Protection System --Function Diagram

23 Rwanda GovNet23 Training session Basic of network security such as security planning, policies and mechanisms 1. Network monitoring with Nagios 2. Network vulnerability scan with Nessus 1. AAA 2. Intrusion detection system with Snort 3. Intrusion protection program Network management and bandwidth monitoring with NTOP

24 Rwanda GovNet24 Network management 1/3  Installed and configured Nagios host and service monitor  Sends e-mail notifications  Will be extended with SMS notifications  Sends e-mail notifications  Will be extended with SMS notifications

25 Rwanda GovNet25 Network management 2/3  Installed MRTG  Monitors the external bandwidth  Monitors throughput at each node  Will monitor the equipment of the ISP  Installed MRTG  Monitors the external bandwidth  Monitors throughput at each node  Will monitor the equipment of the ISP

26 Rwanda GovNet26 Network management 3/3  Installed NTOP  Monitors user bandwidth usage  Can find viral activity  Can find file sharing users  Installed NTOP  Monitors user bandwidth usage  Can find viral activity  Can find file sharing users

27 Rwanda GovNet27 VoIP demonstration  Installed the SIP server SER  Used software clients  Tested between users at Mininfra and RITA  Can be extended with hardware phones  Installed the SIP server SER  Used software clients  Tested between users at Mininfra and RITA  Can be extended with hardware phones

28 Rwanda GovNet28 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

29 Rwanda GovNet29 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

30 Rwanda GovNet30 Conclusions  Despite the delayed equipment, the GovNet team were able to partly fulfill all goals  The equipment will most probably arrive Rwanda in mid June  The three Rwandan team members will then install the solutions and return the borrowed equipment  Despite the delayed equipment, the GovNet team were able to partly fulfill all goals  The equipment will most probably arrive Rwanda in mid June  The three Rwandan team members will then install the solutions and return the borrowed equipment

31 Rwanda GovNet31 Project background Goals Implementation phase Video Conclusions Future recommendations Questions Project background Goals Implementation phase Video Conclusions Future recommendations Questions

32 Rwanda GovNet32 Future Recommendations  Ways of optimizing ICT investments, better planning  Better documentation  Centralized web caching  More spare equipment  GovNet intranet  Ways of optimizing ICT investments, better planning  Better documentation  Centralized web caching  More spare equipment  GovNet intranet

33 Rwanda GovNet33 Project background Goals Implementation phase Video Conclusions Future recommendations Questions? Project background Goals Implementation phase Video Conclusions Future recommendations Questions?

34 Rwanda GovNet34 Thanks for listening Rwanda GovNet team csd2006-team2@csd.ssvl.kth.se Rwanda GovNet team csd2006-team2@csd.ssvl.kth.se

Download ppt "Rwanda GovNet Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent Nkurunziza Xuan Pan Nkusi Issa Claude Hakizimana Joakim Slettengren Innocent."

Similar presentations

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar

What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Trend Micro Round Table May 19, 2006. Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.
Copyright 2002 Year 2 - Chapter 4/Cisco 3 - Module 4 LAN Design By Carl Marandola.

Copyright 2002 Year 2 - Chapter 4/Cisco 3 - Module 4 LAN Design By Carl Marandola.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Islamic Republic of Afghanistan Ministry of Education EMIS Directorate.

Islamic Republic of Afghanistan Ministry of Education EMIS Directorate.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.

Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Module 15: Developing a Security Plan

Module 15: Developing a Security Plan
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Similar presentations

Ads by Google