Internet Service Provisioning Phase - I

1
Internet Service ProvisioningPhase - I

• August 29, 2003
• TSPT

E-mail tspt_at_telecom.net.et Web www.tspt.net.et
2
Agenda

• Existing System Architecture
• ISP Operations
• Security
• Existing ISP Problems
• TSPT Recommendations

•    

3
Existing System Architecture

• Insert Pictures here

4
ISP Operations

• Network Part
• System Part

5
ISP Operations

• Network Part

6
The gateway router Cisco7507 (the Core Layer)

• Not redundant! What if the Gateway totally fails?
• Highly overloaded routing traffic towards the two
  international links and high bandwidth leased
  line customers.
• Minimum 100baseT VIP card interfaces required on
  the gateway to support ever-growing traffic.
• The BGP configuration needs to be revised with
  the Gateway Capacity.

7
Catalyst Cisco switch 5509 (the distribution
Layer)

• Needs to be redundant.
• Should be high-speed gigabit but it isnt
• The Ethernet interfaces should be replaced to
  accommodate Internet traffic growth since it is
  an aggregate point.

8
Access Points

•      Cisco 3640 for POPs
• Recommended to be redundant.
• Upgrade need to be done.
• The routing configuration should use dynamic
  routing in case scalability and flexibility are
  required.

9
Access Points

• Cisco 3640 for Leased line
• Upgrade needed to support interfaces supporting
  bandwidth greater than 128Kbs.
• Policy based routing should be implemented to
  define security layer.
• Processing capability should be improved with
  growing leased line traffic.

10
Access Points

• Access Server Cisco AS5300
• Upgrade to Cisco AS5400 as CISCO Recommends.
• Additional Modem cards over the existing 24E1 to
  handle increasing dial up users
• The traffic behavior should be studied

11
ISP Operations

• System Part

12
Firewall Server

• The type and functionality of the firewall
  currently in use should be revised strictly.
• The server in use isnt designed to accommodate
  the ever-growing Internet traffic. Thus
  processor, memory and license issues need to be
  addressed.
• The firewall needs to be upgraded.
• Routing and policy of the firewall need to be
  revised.
• Redundancy required.

13
AAA server

• The processing capability and the memory should
  be revised.
• The radius server needs to be revised in terms of
  license and updates with growing dialup user and
  time.
• It should be configured fully redundant in terms
  of all software and license and should be
  automatic
• The overall capacity needs to be upgraded.

14
Mail server (mail.telecom.net.et)

• Increased Virus attacks via e-mail
• No Anti-Virus installed.
• Insufficient Hard disk Space for storing user
  mail boxes.
• The SMTP server is not well secured. I.e. anybody
  can send mass mailings or spam to anyone of our
  customers using any e-mail address.

15
Freemail server (www.freemail.et)

• Free Mail Server is using a trial version
• No anti-virus is activated on it.
• The freemail server is not in a position to
  accommodate the ever-growing freemail users
  unless the hard disk capacity is upgraded.

16
Web Server (www.telecom.net.et)

• Poor GUI administration
• Doesnt support the famous ASP scripts and PHP
  scripts.
• Loss of configuration files when the server is
  down due to reasons such as power failure.

17
FTP Server

• No Standalone FTP Server,
• The Web Server is acting as an FTP Server

18
Security

• Lack of proper skilled man power and security
  policy.
• Lack of proper system password allocation and
  management.
• No mass mailing and intrusion detection
  mechanism.
• Lack of proper troubleshooting procedure and
  documentation on the overall system.

19
Existing Problems on Focus
20
Existing ISP Problems

• Poor system design on both Network and System
  part
• Traffic Analysis
• Users behavior
• Redundancy Hot stand by
• System Sizing (Memory, Hard disk, Processor
  speed, etc )
• E.g. Gateway Router, Mail Server, Firewall Server
• Use of 10 base T Interface to the Gateway

21
Continued

• System Insecurity
• Technology wise
• Spam and Intrusion Detection
• Anti-virus, etc
• Expert wise
• Security Expert
• Network Management Expert
• System Expert
• Expert on proper resource management
• Communication Gap

22
Continued

• Frequent service interruptions and total service
  failures
• Lack of appropriately trained staff
• Lack of expertise
• Lack of documentation

23
TSPT Recommendations

• Short run /immediate solution/
• Upgrading the firewall to detect any
  internal/external attacks
• Upgrading the Gateway Router.
• Upgrading the Access Server.
• Deploying Anti-Virus Solution for ISP.
• Making the traffic at the gateway to follow
  simple and dynamic routing as well as to avoid
  any memory consuming matters like policy editing,
  avoiding direct leased line connections to the
  Gateway.

24
TSPT Recommendations

• Long run solution
• A well-designed ISP Network properly addressing
  the following issues
• Redundancy
• Security
• Versatile NMS and Systematic Troubleshooting
  Procedures
• Well trained staff specializing in network,
  system and security

25
The END!!

• Thank you!!