Internet Service Provisioning Phase - I August 29, 2003 TSPT E-mail: [email protected]@telecom.net.et Web: .

Internet Service ProvisioningInternet Service Provisioning

Phase - IPhase - I

August 29, 2003

TSPT

E-mail: [email protected]

Web: www.tspt.net.et

Agenda Agenda

Existing System Architecture

ISP Operations

Security

Existing ISP Problems

TSPT Recommendations

Existing System ArchitectureExisting System Architecture

Insert Pictures here …

ISP OperationsISP Operations

Network Part System Part

ISP OperationsISP Operations

Network Part

The gateway router Cisco7507The gateway router Cisco7507 (the Core Layer) (the Core Layer)

Not redundant! What if the Gateway totally fails? Highly overloaded routing traffic towards the two

international links and high bandwidth leased line customers.

Minimum 100baseT VIP card interfaces required on the gateway to support ever-growing traffic.

The BGP configuration needs to be revised with the Gateway Capacity.

Catalyst Cisco switch 5509Catalyst Cisco switch 5509 (the distribution Layer)(the distribution Layer)

Needs to be redundant. Should be high-speed gigabit but it isn’tThe Ethernet interfaces should be replaced

to accommodate Internet traffic growth since it is an aggregate point.

Access PointsAccess Points

     Cisco 3640 for POP’s Recommended to be redundant. Upgrade need to be done. The routing configuration should use dynamic routing in case scalability and flexibility are required.

Access Points …Access Points …

Cisco 3640 for Leased line Upgrade needed to support interfaces

supporting bandwidth greater than 128Kbs.

Policy based routing should be implemented to define security layer.

Processing capability should be improved with growing leased line traffic.

Access Points …Access Points …

Access Server Cisco AS5300 • Upgrade to Cisco AS5400 as CISCO

Recommends.• Additional Modem cards over the existing

24*E1 to handle increasing dial up users • The traffic behavior should be studied

ISP OperationsISP Operations

System Part

Firewall ServerFirewall Server

The type and functionality of the firewall currently in use should be revised strictly.

The server in use isn’t designed to accommodate the ever-growing Internet traffic. Thus processor, memory and license issues need to be addressed.

The firewall needs to be upgraded. Routing and policy of the firewall need to be

revised. Redundancy required.

AAA serverAAA server

The processing capability and the memory should be revised.

The radius server needs to be revised in terms of license and updates with growing dialup user and time.

It should be configured fully redundant in terms of all software and license and should be automatic

The overall capacity needs to be upgraded.

Mail server (Mail server (mail.telecom.net.etmail.telecom.net.et))

Increased Virus attacks via e-mailNo Anti-Virus installed.Insufficient Hard disk Space for storing user

mail boxes.The SMTP server is not well secured. I.e.

anybody can send mass mailings or spam to anyone of our customers using any e-mail address.

Freemail server (Freemail server (www.freemail.etwww.freemail.et))

Free Mail Server is using a trial version No anti-virus is activated on it.The freemail server is not in a position to

accommodate the ever-growing freemail users unless the hard disk capacity is upgraded.

Web Server (Web Server (www.telecom.net.etwww.telecom.net.et)) Poor GUI administration Doesn’t support the famous ASP scripts

and PHP scripts. Loss of configuration files when the

server is down due to reasons such as power failure.

FTP ServerFTP Server

No Standalone FTP Server,The Web Server is acting as an

FTP Server

SecuritySecurity

Lack of proper skilled man power and security policy.

Lack of proper system password allocation and management.

No mass mailing and intrusion detection mechanism.

Lack of proper troubleshooting procedure and documentation on the overall system.

Existing Problems on FocusExisting Problems on Focus

Existing ISP ProblemsExisting ISP Problems Poor system design on both Network and System

part:Traffic AnalysisUsers behaviorRedundancy & Hot stand bySystem Sizing (Memory, Hard disk, Processor

speed, etc …) • E.g. Gateway Router, Mail Server, Firewall

ServerUse of 10 base T Interface to the Gateway

Continued …Continued …

System InsecurityTechnology wise

• Spam and Intrusion Detection• Anti-virus, etc …

Expert wise• Security Expert• Network Management Expert• System Expert• Expert on proper resource management

Communication Gap

Continued …Continued …

Frequent service interruptions and total service failures

Lack of appropriately trained staffLack of expertise Lack of documentation

TSPT RecommendationsTSPT Recommendations

Short run /immediate solution/ Upgrading the firewall to detect any

internal/external attacks Upgrading the Gateway Router. Upgrading the Access Server. Deploying Anti-Virus Solution for ISP. Making the traffic at the gateway to follow

simple and dynamic routing as well as to avoid any memory consuming matters like policy editing, avoiding direct leased line connections to the Gateway.

TSPT Recommendations …TSPT Recommendations …Long run solutionA well-designed ISP Network properly

addressing the following issues Redundancy Security Versatile NMS and Systematic Troubleshooting

Procedures Well trained staff specializing in network, system

and security

The END!!The END!!

Thank you!!