The Security of the National Network of Public Administration «SYZEFXIS»
Dr. Haris Stellakis
Program Portfolio Manager, Chief Security Officer of “SYZEFXIS” Network
Information Society SA
March 4, 2015
A Life-long Partner
[Timeline figure, 2000 to 2020: 3rd, 4th and 5th Community Support Framework; Establishment of Information Society SA; Acquisition of DIGITAL AID SA; Acquisition of Observatory of Digital Greece SA; amounts shown: 900M€, 1,300M€]
Dr. Haris Stellakis – 03/2015
The Role of Information Society SA
[Diagram labels: Public Administration; Citizens; Businesses; Implements; Facilitates; State Aids; Observes]
Informatics
• ~ 180 M€
Public Reform
• ~ 70 M€
Telecommunications
• Syzefxis
• MAN
• Rural Broadband
Telecom Projects
SYZEFXIS II (600 M€)
RURAL (160 M€)
Supplemental Actions for SYZEFXIS II (10 M€)
SYZEFXIS I (45 M€)
MAN (5 M€)
[Chart labels: Planning Tender Auctions Implementation Operations; Effort by Vendors; Effort by I.S. SA]
SYZEFXIS: The State’s Telecom backbone
Interoperability and Apps G2B / G2C
Ministries – General Secretaries
Municipalities
Citizen Service Centers
Financial Agencies
Health Agencies
Citizen Protection Agencies (Police, etc)
Armed Forces
EU Agencies
Justice Courts
Independent Agencies
SYZEFXIS: 2006-2013
Agency Type   Access Speed    Agencies
ADSL          24/1 Mbps       1428
3G            2/1 Mbps        50
SMALL         2/2 Mbps        2488
MEDIUM        4-8/4-8 Mbps    434
LARGE         34/34 Mbps      85
TOTAL                         4485
Free broadband access (2 – 34 Mbps)
Free on-net telephony services, as well as off-net telephony at competitive prices
Free webhosting or routing to external ISPs
Same for email services
Connection to the EU Network “S-Testa”
Free teleconferencing services to specific deployments
SYZEFXIS I: 2013-14
Metropolitan Area Fiber Optic Networks
[Network diagram labels: PoP OTE; MAN Switch; Router SYZEFXIS I; SHDSL access modem; MAN access node; Main MAN node (KK); MAN node closest to OTE; MAN; PBX; link types FE, GE, "GE or FE", PRA, X.21, 2Mbps]
SYZEFXIS II: 2015-2018
[Chart: x-axis 2005, 2006, 2008, 2009, 2010, 2014; y-axis 0 to 35000; data labels 1.800, 3.000, 3.250, 4.450, 6.000, 34.000]
    SIZE      SPEED (Mbps)
1   ADSL      24/1
2   SMALL     10/10
3   MEDIUM    100/100
4   LARGE     1000/1000
Secure broadband connection to 34.000 public points and provision of telecom / multimedia services
50% reduction to annual OPEX
Wireless access services for 55.000 Government Agents through the subsidization of smartphones
Secure services to Public Sector
SYZEFXIS II: 5 Subprojects
[Diagram of the subprojects, numbered 1 to 5; labels: SIX / DC; Wireless Islet; Islets 1-9; Telecom Islets 1-8; Security / Telephony / Teleconferencing / Cabling; ISP / SLA]
Security in SYZEFXIS Ι (1/4)
Multi-stage Security Architecture:
Provision of different VPNs per Agency and/or App
Perimeter Security against the Internet
• Private IP addressing
• Connection through proxy
Centrally managed Security devices
• Firewalls & Intrusion Detection Systems
• Antivirus & antispam mechanisms
• Multiple profile Web content filtering services
Perimeter Security per Islet
• Intra-VPN communication for specific apps / services, through the use of access lists
• Control of Intra-VPN traffic
Security in SYZEFXIS Ι (2/4)
Security Policy:
Within SYZEFXIS
• Intra-VPN traffic
• Inter-VPN traffic
Outside of SYZEFXIS
• Internet
• Educational Network “EDET”
• EU Network s-Testa
Lifting of perimeter security is subject to approval by Information Society SA
Software control mechanisms
User’s information
Perimeter Security lifting (process flow):
• Ticket submission
• Evaluation by IS SA
• Reporting to Vendor
• Ticket implementation (upon approval)
• Reporting to Applicant Agency
Security in SYZEFXIS Ι (3/4)
The role of Information Society SA:
To monitor the project vendors
To support the public Agencies
To implement and improve the security policy
To leverage the collected knowledge towards the design of the next-generation SYZEFXIS
[Chart "Agency Requests": x-axis months Jan-14 to Feb-15; y-axis 0 to 60]
[Chart "Agency Categories": axis 0 to 180; categories: Regions - Municipalities; Hospitals; Hellenic Police - Fire Service - Coast Guard; Financial Services; Ministries - General Secretariats; Social Solidarity Services - Insurance Funds; Urban Planning Offices; Special Management Services for EU Programmes; Museums; Other public services]
[Chart "Request Categories": shares shown 39%, 26%, 20%, 6%, 3%, 3%, 2%, 1%; legend: Opening of additional on-net ports; Assignment of a real IP address; Opening of additional off-net ports; Access to a site; CPE settings; Proxy bypass; Communication with other networks; DNS update]
Security in SYZEFXIS Ι (4/4)
State Elections through SYZEFXIS:
Leveraging of telephone infrastructure
• Municipalities, Prefectures, Ministry of Interiors
Leveraging of internet infrastructure
• Creation of a VPN between MoI, SingularLogic and Zappeio Megaro for the communication of results
Full functionality was tested in a wide-scale drill (5/2014)
The 2014 and 2015 Elections were completed successfully
Security in SYZEFXIS ΙΙ (1/5)
A combination of Actions
[Diagram labels: Security / Telephony / Teleconferencing / Cabling (YE - 4); Independent Security Auditor (1,3 M€); Project ΔΜ; Infrastructure; Services]
Security in SYZEFXIS ΙΙ (2/5)
Security Infrastructure and Services:
Procurement of suitable security equipment
Development of a security management information system
Operation services based on SLAs (Routing, QoS)
Security Services
• IP Firewall, IPS, VPN, Email & Web Antivirus-Antispam, Web Content Filtering
User training
Security in SYZEFXIS ΙΙ (3/5)
State-of-the-art Architecture:
Leveraging IPsec VPN technologies
Ability to support multiple vendors in contract framework
Ability to support gradual deployment
Ability to upgrade security level for some sensitive Agencies, through the use of special-purpose encrypting devices
[Architecture diagram labels: Κ.Υ.Α. (Vendor 1), Κ.Υ.Α. (Vendor 2), Κ.Υ.Α. (Vendor N); Κ.Σ.Α.; Peripheral Security Devices (of Vendor 1), (of Vendor 2), (of Vendor N); Creation of VPNs; Agencies outside SYZEFXIS II]
Security in SYZEFXIS ΙΙ (4/5)
Independent Security Auditor:
Development of an ISO 27001 based ISMS
Network security auditing
Development of a specialized Information System for Security Control and Management
Consulting services / security “think tank”
Security in SYZEFXIS ΙΙ (5/5)
At the operational level:
Creation of an independent Department for Telecommunication projects
• Discrete group for SYZEFXIS
Creation of a task force among all stakeholders
• Information Society SA
• Project vendors
• Public Agencies
• Ministry of Public Reform
• Other Agencies (e.g., Greek FCC, etc.)
[Diagram labels: Information Society SA; ΥΕΔΑ; Public Agencies; Project Vendors; Security Auditor; Other Agencies]
Epilogue
Information Society, in collaboration with: the Ministry of Public Reform, the EU Managing Authorities, and the project vendors
Facilitates: the terms and specs, the framework and procedures, the tools and mechanisms, and the resources
That assure the security of the SYZEFXIS network and therefore the flawless operation of the Greek Public Sector.
The End
We thank you for your attention!