NIB Networking & Security Issues 09-12-2002
Recent Activities
• Additional RAS & Router cards procured and installed at “A” and “B” type of locations
• Core bandwidth between A1-A1 and A1-A2 in the process of augmentation (6/26)
• International bandwidth augmented by about 40 Mbps
Data Networks

Daily Maintenance
Status of:
• Router
  • sh env all, sh proc cpu, sh ver
• Links
  • sh ip int br, sh interfaces, sh logg
• RAS
  • sh env all, sh dial-shelf, sh dial-shelf clocks
  • sh controllers e1 1/0/1 call-counters, sh modem summ
  • disp modem pool statistics table

Daily Maintenance
• Console should be kept connected
• Syslog should be implemented
• Traffic on the links should be regularly monitored
• Check for balanced loading of the links
• Link Flapping (sh logg, Syslog), better to shut down
• Regularly check MRTG concerning your node
• Apply peer pressure to get the links up, particularly international gateways
• Regularly check the Website and update the relevant contents

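One way to spot the link flapping mentioned above from collected syslog is sketched below. It is an added example, not part of the original slides; the host names, the log layout and the thresholds (4 state changes in 10 minutes) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines as a syslog server would store them
# ("<time> <router> <message>"); host names are made up.
SAMPLE_LOG = """\
Dec  9 10:00:05 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
Dec  9 10:00:40 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
Dec  9 10:01:00 rtr-b2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
Dec  9 10:02:10 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
Dec  9 10:02:50 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
Dec  9 10:03:15 rtr-a1 %SYS-5-CONFIG_I: Configured from console by console
Dec  9 10:05:00 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
Dec  9 10:06:30 rtr-a1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
Dec  9 10:20:00 rtr-b2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
"""

UPDOWN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%LINEPROTO-5-UPDOWN: Line protocol on Interface (?P<intf>\S+), "
    r"changed state to (?P<state>up|down)")

def find_flapping(log_text, year=2002, max_changes=4, window_min=10):
    """Map (router, interface) to the peak number of state changes seen in any
    window_min-minute span, for links reaching max_changes (assumed thresholds)."""
    window = timedelta(minutes=window_min)
    recent, last_state, peaks = defaultdict(deque), {}, {}
    for line in log_text.splitlines():
        m = UPDOWN.match(line)
        if not m:
            continue
        key = (m["host"], m["intf"])
        if last_state.get(key) == m["state"]:
            continue  # duplicate message, not a transition
        last_state[key] = m["state"]
        # Classic syslog stamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop changes that fell out of the window
        if len(q) >= max_changes:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    print(find_flapping(SAMPLE_LOG))
```

A link that goes down once and comes back later (rtr-b2 in the sample) is not reported; only repeated transitions inside the window are.
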
Simple ways to check the Network
• Ping, Extended Ping
• Traceroute, Extended Traceroute
• Ping & traceroute from route-server.cerf.net / route-server.exodus.net
• Nslookup, dig, whois
• Cyberkit, Ping Plotter

MRTG
• MRTG at “A” type of locations for traffic monitoring of whole network for internal links and customer links. (pending at JPR)
• Integral part of Bandwidth Augmentation procedure
• Keep the MRTG up-to-date and ask the upstream to update the MRTG for new links and customers
• Needs reconfiguration after additional card installation

Web site
• Check the web site
• Please please get the e-mail ids nib_<city>@sancharnet.in & <city>@sancharnet.in and nib_<circle>@sancharnet.in
• Keep the address information current
• Keep the Connectivity information current
• Keep the admin and Tech Contact information current

Few Incidents
• Nodes not using proper DNS
• Blackholing the traffic to a particular site
• OSPF costs changed; as a result, the traffic got congested on a single link
• Excessive flapping on a few links
• Loaning of IP addresses in Assam
• After transfer, passwords were not handed over and forgotten.

Security
• Take regular backups of RAS and Router configurations.
• Implement Syslog & Analyze it regularly
• Keep connectivity, port utilization, IP Addressing plan, cable layout plan, customer contact details up to date
• Keep the addressing plan confidential
• Keep all the passwords (CIM, RAS, Routers) secure

Security
• No default password should be there like netman, cisco
• On transfer, make over the passwords
• As far as possible use Sancharnet mail for sending network related information
• Remote login should be avoided, if at all done, then use it through Sancharnet only
• Maintain a logbook containing the details of access provided to vendors like for PM, unauthorized SNMP access, spammers, any important incident etc.

Security
Do not
• Deviate from the connectivity plan
• Deviate from the IP Addressing plan
• Change the order of DNS servers
• Connect any equipment to LAN other than infrastructure and approved
• Browse and send e-mail from consoles and help desk PCs

Security
• All the software provided should be kept secure, no unauthorized copies be made
• Be aware of Acceptable Use Policy
• Be aware of Nimda, Code Red, Spamming
• Be alert with hoax calls like jdbgmgr.exe
• Anti-Virus software should be kept updated
• Without proper physical security everything is useless.
• Bring to the notice any situation which may lead to security compromise

Spam
• Junk Mail, UCE
• Why Bad
  • People are paying for receiving it
  • Consumes bandwidth & other resources
  • Annoying
• Users to be made aware of this

Proposed Policy to deal with SPAM & SCAN
• For leased users
  • If complaints are received continuously for 2 days, intimate to user about possible spamming from his network.
  • Warn the user if complaints continue for 2 days after intimation
  • Disconnect the user, with due intimation, temporarily for a day, after 5 days of continuous complaints
  • Reconnect and if complaints still continue then permanent disconnection
• For Dialup Users
  • Similar policy after identification of user

Educating the Users
• For changing the Password and checking the balance hours regularly
• Loaning of user-id (chance of misuse)
• Made aware of Acceptable Use Policy
• E-mail Policy
• Spamming
• Network, port scan
• Need for keeping the Anti Virus solution updated

Questions?