Gibtelecom
Access and Security
VIP Customer Portal
Justin Mc Neice
VIP Customer Portal: Agenda
• Project Baseline
    • Introduction
    • Customer Portal
    • VIP Customer Portal
• Access
    • Gibtelecom Management Network
    • Cacti
    • Ciscoworks
    • Peakflow
    • Data Centers
    • Looking Glass
    • Simple Network Management Protocol
VIP Customer Portal: Agenda (continued)
• Security
    • Introduction
    • Concerns
    • Security Model
    • HTTPS/SSL
    • Second Level Authentication
• Overview of Implementation
• Wrap up
• Questions
Access and Security: Project Baseline
VIP Customer Portal: Project Baseline - Introduction
Gibtelecom identified a need for an efficient, flexible and robust monitoring system with the introduction of the new backbone. When this area was highlighted, it was thought that high-bandwidth customers would appreciate a view of what was going on with their CPE equipment, as they could use it for troubleshooting purposes and it would help to reduce NOC phone calls. The first attempt at a customer portal was then released to customers, known as http://stats.gibconnect.com
VIP Customer Portal: Project Baseline - Customer Portal
Gibtelecom implemented a bandwidth, graphing and trending service whereby the whole of the new infrastructure would have to be monitored for traffic, errors, CPU usage and memory usage of every device. Customers would be able to view the status of their customer premises equipment (CPE) remotely at any point.
VIP Customer Portal: Project Baseline - VIP Customer Portal
As Gibtelecom's new backbone grew, and new services, remote offices and data centers were implemented, together with the noticeable success of the new proactive mentality within Gibtelecom's monitoring system, it was decided that the monitoring system should grow. The following monitoring systems were put into place:
• Deep packet inspection
• UPS monitoring
• Environmental monitoring
• Traffic analysis
• New management network and backup LAN
• Remote power control and access control
VIP Customer Portal: Project Baseline - VIP Customer Portal (continued)
With these monitoring systems in place, together with Gibtelecom's continuing commitment to fulfil customers' needs, a new VIP Customer Portal would be implemented that would integrate all these services into one, offering as many of our internal tools as possible to our valued customers. As sensitive data would be traversing the internet and control could be gained, a new access and security model was implemented in house to suit the growing monitoring and management system.
Access and Security: Access
VIP Customer Portal: Access - Gibtelecom Management Network
As Gibtelecom transitioned from its old network to its new NGN network, provision was made for a non-internet-routed network to be available internally in order to establish a management network. This network would be completely transparent to users and the rest of the world. At the same time, it was required that this network could be extended securely to any point in Gibraltar.
VIP Customer Portal: Access - Cacti
Cacti - http://www.cacti.net/
Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. It is an open source system, which allows Gibtelecom's in-house server team to modify it as and when needed to access and acquire data from any device within its network. This allows both Gibtelecom and its VIP customers to study trends, aiding the troubleshooting of faults.
VIP Customer Portal: Access - Ciscoworks
Ciscoworks - http://www.cisco.com/
Ciscoworks is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. It integrates these capabilities into a solution for:
• Improving the accuracy and efficiency of the network operations staff
• Increasing the overall availability of the network by simplifying configuration and quickly identifying and fixing network problems
• Maximizing network security through integration with access control services and audit of network-level changes
VIP Customer Portal: Access - Ciscoworks (continued)
Ciscoworks also provides:
• Hardware and software inventory management, centralized configuration tools and syslog monitoring
• Monitoring and tracking of network response time and availability
• A flexible web portal for launching and navigating network management
• Real-time network fault analysis
VIP Customer Portal: Access - Peakflow
Peakflow - http://www.arbornetworks.com/
Peakflow is a device which receives traffic flows from our transit devices. It then performs deep packet inspection and stores the data which it receives, such as:
• Protocol usage
• Port usage
• Packet size
Amongst many other useful attributes, it has already proven to be a useful tool to identify DDoS patterns and network usage to customers. Gibtelecom plans to provide reports to customers in the near future.
VIP Customer Portal: Access - Datacenters
With the new datacenters being built, monitoring has been a top topic within these new developments. New environmental sensor concentrators and other monitoring equipment have been purchased to provide statistics for the following:
• Temperature
• Humidity
• Illumination
• Water
• Power consumption
• Battery autonomy time
VIP Customer Portal: Access - Looking Glass
As part of Gibtelecom's new developments, a looking glass router was deployed in the new backbone. This looking glass router is intended to be used worldwide to aid troubleshooting when routing issues such as latency occur. This router has now been integrated into: http://www.traceroute.org/
VIP Customer Portal: Access - Simple Network Management Protocol
The Simple Network Management Protocol, or SNMP, is the standard operations and maintenance protocol for the Internet. SNMP is one of the key technologies that enabled the Internet's phenomenal growth. Developed by the Internet Engineering Task Force, this protocol is comprised of a group of RFCs. SNMP is used to administer and manage networked devices. It can be used to manage large networks that span firewalls or embedded devices. Most devices within Gibtelecom's network are monitored via the Gibtelecom Management Network where the SNMP. Data gathered and alarms are sent using SNMP; these packets traverse the network securely, reaching our monitoring services and alerting the NOC.
Access and Security: Security
VIP Customer Portal: Security - Introduction
Gibtelecom recognises the attention that has to be given to the security of the VIP Customer Portal due to its purpose. A security model has been established within Gibtelecom's infrastructure in order to ensure no malicious usage of the portal. The following section will highlight the main concerns and explain how the security model works with the monitoring environment.
VIP Customer Portal: Security - Concerns
The portal provides fruitful information to the customer, as well as power control over the internet. This has raised and will raise many concerns for both Gibtelecom and the end customer. Below are some concerns quoted from customers:
• "Will another client be able to view my data?"
• "How can you ensure me that no one else can switch off my server?"
• "Are the passwords secure?"
• "Can the data be hijacked?"
VIP Customer Portal: Security - Security Model
As well as the HTTPS/SSL implementation, a security model has been adopted whereby the customer portal can only read data from our monitoring servers. When requests need to be actioned, they pass via encrypted tunnels to the monitoring servers, where they are validated and executed. If the portal machine were to be compromised, the attacker would be left isolated within that DMZ.
VIP Customer Portal: Security - HTTPS/SSL
HTTPS/SSL - VeriSign
• Added Security:
    • Now using HTTPS/SSL
    • VeriSign Certified
• Added Functionality:
    • Datacenter Integration
    • Looking Glass
    • On-line IP Tracking
VIP Customer Portal: Security - Second Level Authentication
Gibtelecom has extended the customer's reach into our network, introducing new web services such as PDU control. These more sensitive areas will only appear on the portal upon request and with the use of a secondary login.
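Added example (not Gibtelecom's code): a sketch of the "validated and executed" step from the Security Model slide combined with the secondary login from the Second Level Authentication slide, as it could run on a monitoring server. The outlet names, session table, action names and shared key are all hypothetical; it assumes the monitoring server keeps its own ownership and session records so that a compromised portal cannot assert them.

```python
import hashlib
import hmac
import json

# Constructed sample data; every name and value here is hypothetical.
TUNNEL_KEY = b"constructed-demo-key"   # authenticates portal -> monitoring traffic
OUTLET_OWNER = {"pdu1/outlet3": "cust-a", "pdu1/outlet4": "cust-b"}
# Session state held on the monitoring side: session id -> (customer, secondary login done)
SESSIONS = {"s-100": ("cust-a", True), "s-200": ("cust-b", False)}
READ_ACTIONS = {"read_status"}
SENSITIVE_ACTIONS = {"power_on", "power_off", "power_cycle"}


def sign(request: dict) -> str:
    """MAC the portal attaches to a request before sending it down the tunnel."""
    body = json.dumps(request, sort_keys=True).encode()
    return hmac.new(TUNNEL_KEY, body, hashlib.sha256).hexdigest()


def validate(request: dict, mac: str) -> tuple:
    """Checks the monitoring server runs before executing anything."""
    if not hmac.compare_digest(sign(request), mac):
        return False, "bad signature"
    action = request.get("action")
    if action not in READ_ACTIONS | SENSITIVE_ACTIONS:
        return False, "unknown action"
    customer, second_login = SESSIONS.get(request.get("session"), (None, False))
    if customer is None:
        return False, "unknown session"
    # Ownership comes from the monitoring server's own table, never from the portal.
    if OUTLET_OWNER.get(request.get("target")) != customer:
        return False, "target not owned by this customer"
    if action in SENSITIVE_ACTIONS and not second_login:
        return False, "secondary login required"
    return True, "ok"


def demo() -> list:
    """Run four constructed requests and return each verdict."""
    requests = [
        {"session": "s-100", "action": "power_off", "target": "pdu1/outlet3"},
        {"session": "s-100", "action": "power_off", "target": "pdu1/outlet4"},
        {"session": "s-200", "action": "power_off", "target": "pdu1/outlet4"},
        {"session": "s-200", "action": "read_status", "target": "pdu1/outlet4"},
    ]
    return [validate(r, sign(r))[1] for r in requests]


if __name__ == "__main__":
    print(demo())
```

The second and third requests correspond to the customer concerns quoted earlier: another client's outlet is refused on ownership, and power control without the secondary login is refused even for the rightful owner.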
Access and Security: Overview of Implementation