Rwanda GovNet

Xuan Pan, Nkusi Issa, Claude Hakizimana, Joakim Slettengren, Innocent Nkurunziza

Team 2 - csd2006-team2@csd.ssvl.kth.se

Agenda

Project background

Goals

Implementation phase

Video

Conclusions

Future recommendations

Questions

Project background

A new fiber optic network was installed for government departments in Kigali, Rwanda

Faced network instability due to viruses, DoS etc.

Difficult to detect or prevent the user causing problems

Difficult to monitor who was using the network resources

Lack of network policies

GovNet pilot project requirements

Pilot project for selected nodes of the network

Establish basic network security

Bandwidth monitoring, network management

Create network policies

Easy to use and cheap, open source

Principal

First principal, RITA, Rwanda Information and Technology Authority

The GovNet team got a new principal in March, Ministry of Infrastructure

Changes of the goals

Focus mainly on Ministry of Infrastructure and its PSOs (RITA)

Goals 1/2

Replace Linux routers with network equipment

Increase connectivity between government departments

Develop an AUP

Present a network security solution

Present a network management solution

Goals 2/2

Demonstrate VoIP in at least two sites

Conduct a training session to ensure the sustainability of the solutions

Equipment procurement

Uncertain funding delayed the equipment procurement

Quotations were collected

New funding agency new procurement rules

New tender opening date, June 1st 2006

Temporary solution

Desktop computers

Borrowed network equipment from other not yet implemented ICT projects

GovNet topology

Separate VLAN in the fiber backbone

Using one centralized gateway

Removed NATs at the nodes

[Figure: GovNet topology. Labels: Terracom, Internet, GovNet Gateway, RITA, MININFRA, New institution. Legend: Fibre cable, VSAT link.]

Security Solution for GovNet

1. Cost-efficient

2. Centralized

3. Scalable

and decentralized

Methodology

Risk analysis

Acceptable User Policy

System Weakness analysis - Nessus

Intrusion Detection System

802.1x + Radius EAP-TLS

[Figure: risk and control diagram. Nodes: Threat, Attack, Vulnerability, Impact, Deterrent Control, Detective Control, Preventative Control, Corrective Control. Edge labels: Create, Exploited, Result in, Reduce, Decrease, Discover, Protect, Trigger. One element is marked "???".]

AUP and Update service

• Microsoft Windows Server Update Services (WSUS)

• Acceptable User Policy

• Best Practices

Nessus

• Each ministry has one scanner

• To use free plug-ins

• To use selected plug-ins when scanning

Authentication Challenge one

decentralization

[Figure labels: Certification Authority and Authentication Server; Ministry A 10.10.10.1; Ministry B 10.10.10.2; ISP; Terracom; Client side certificate; Certificate of CA; Server side certificate.]

Authentication Challenge two

Alcatel Switch issue

[Figure labels: Procurement Contract; Supplier; Configuration Guide; Trial version; Update; Pre-study Phase; Implementation Phase; Currently; Future.]

Intrusion Detection System

[Figure labels: Ministry A 10.0.5.2 (Sensor, SQL); Ministry B 10.0.5.2 (Sensor, SQL); …; ISP (Sensor, SQL); Snort Center; ACID.]

Intrusion Protection System -- Modules

1. Configuration File

2. Debug mode or Daemon

3. Ignore list

4. System information detection module

5. Database communication module

6. Action module

7. Log module

Intrusion Protection System -- Function Diagram

Training session

Basics of network security such as security planning, policies and mechanisms

1. Network monitoring with Nagios

2. Network vulnerability scan with Nessus

1. AAA

2. Intrusion detection system with Snort

3. Intrusion protection program

Network management and bandwidth monitoring with NTOP

Network management 1/3

Installed and configured Nagios host and service monitor

Sends e-mail notifications

Will be extended with SMS notifications

Network management 2/3

Installed MRTG

Monitors the external bandwidth

Monitors throughput at each node

Will monitor the equipment of the ISP

Network management 3/3

Installed NTOP

Monitors user bandwidth usage

Can find viral activity

Can find file sharing users

VoIP demonstration

Installed the SIP server SER

Used software clients

Tested between users at Mininfra and RITA

Can be extended with hardware phones

Conclusions

Despite the delayed equipment, the GovNet team were able to partly fulfill all goals

The equipment will most probably arrive in Rwanda in mid-June

The three Rwandan team members will then install the solutions and return the borrowed equipment

Future Recommendations

Ways of optimizing ICT investments, better planning

Better documentation

Centralized web caching

More spare equipment

GovNet intranet

Questions?

Thanks for listening

Rwanda GovNet team

csd2006-team2@csd.ssvl.kth.se