1. NIB Networking & Security Issues 09-12-2002

2. Data Networks Recent Activities Additional RAS & Router cards procured and installed at “A” and “B” type of locations Core bandwidth between A1-A1 and A1-A2 in the process of augmentation (6/26) International bandwidth augmented by about 40 Mbps

3. 09-12-2002Data Networks Daily Maintenance Status of :- Router –sh env all, sh proc cpu, sh ver links –sh ip int br, sh interfaces, sh logg RAS –sh env all, sh dial-shelf, sh dial-shelf clocks –sh controllers e1 1/0/1 call-counters, sh modem summ –disp modem pool statistics table

4. 09-12-2002Data Networks Daily Maintenance Console should be kept connected Syslog should be implemented Traffic on the links should be regularly monitored Check for balanced loading of the links Link Flapping (sh logg, Syslog), better to shut down Regularly check MRTG concerning your node Apply peer pressure to get the links up, particularly international gateways Regularly check the Website and update the relevant contents

5. 09-12-2002Data Networks Simple ways to check the Network Ping, Extended Ping Traceroute, Extended Traceroute Ping & traceroute from route- server.cerf.net/ route-server.exodus.net Nslookup, dig, whois Cyberkit, Ping Plotter

6. 09-12-2002Data Networks MRTG MRTG at “A” type of locations for traffic monitoring of whole network for internal links and customer links. (pending at JPR) Integral part of Bandwidth Augmentation procedure Keep the MRTG up-to-date and ask the upstream to update the MRTG for new links and customers Needs reconfiguration after additional card installation

7. 09-12-2002Data Networks Web site Check the web site Please please get the e-mail ids nib_ @sancharnet.in & @sancharnet.in and nib_ @sancharnet.in Keep the address information current Keep the Connectivity information current Keep the admin and Tech Contact information current

8. 09-12-2002Data Networks Few Incidents Nodes not using proper DNS Blackholing the traffic to a particular site OSPF costs changed as a result, the traffic got congested on a single link Excessive flapping on few links Loaning of IP addresses in Assam After transfer, passwords were not handed over and forgotten.

9. 09-12-2002Data Networks Security Take regular backups of RAS and Router configurations. Implement Syslog & Analyze it regularly Keep connectivity, port utilization,IP Addressing plan, cable layout plan, customer contact details up to date Keep the addressing plan confidential Keep all the passwords (CIM, RAS, Routers) secure

10. 09-12-2002Data Networks Security No default password should be there like netman, cisco On transfer, make over the passwords As far as possible use Sancharnet mail for sending network related information Remote login should be avoided, if at all done, then use it through Sancharnet only Maintain a logbook containing the details of access provided to vendors like for PM, unauthorized SNMP access, spammers,any important incident etc.

11. 09-12-2002Data Networks Security Do not Deviate from the connectivity plan Deviate from the IP Addressing plan Change the order of DNS servers Connect any equipment to LAN other than infrastructure and approved Browse and send e-mail from consoles and help desk PC’s

12. 09-12-2002Data Networks Security All the software provided should be kept secure, no unauthorized copies be made Be aware of Acceptable Use Policy Be aware of Nimda, Code Red, Spamming Be alert with hoax calls like jdbgmgr.exe Anti-Virus software should be kept updated Without Proper physical security everything is useless. Bring to the notice any situation which may lead to security compromise

13. 09-12-2002Data Networks Spam Junk Mail, UCE Why Bad –People are paying for receiving it –Consumes bandwidth & other resources –Annoying Users to be made aware of this

14. 09-12-2002Data Networks Proposed Policy to deal with SPAM & SCAN For leased users –If complaints are received continuously for 2 days, intimate to user about possible spamming from his network. –Warn the user if complaints continue for 2 days after intimation –Disconnect the user, with due intimation, temporarily for a day, after 5 days of continuous complaints –Reconnect and if complaints still continue then permanent disconnection For Dialup Users –Similar policy after identification of user

15. 09-12-2002Data Networks Educating the Users For changing the Password and checking the balance hours regularly Loaning of user-id (chance of misuse) Made aware of Acceptable Use Policy –E-mail Policy –Spamming –Network, port scan Need for keeping the Anti Virus solution updated

16. 09-12-2002Data Networks Questions?