[afnog] [AfrISPA.Discuss] Securing our network

Raymond Macharia raymond at accesskenya.com
Mon May 5 06:28:14 UTC 2008


Hi,
Just to add my 2 cents worth.
I like looking at security from a physical perspective. We deploy gates
(firewalls/IPS), Fences (ACLs), Alarms (IDS) and doors in our houses.
Something else that many do is have a neighbourhood watch or a night guard
in the neighbourhood. 
In this regard the equivalent of  neighbourhood watch or night guard on the
internet are sites that offer up to date information on the latest security
threats and trends which would help all of us to make necessary preparedness
to deal with them. Below are some that I find useful.

http://www.dshield.org/indexd.html

http://tools.cisco.com/security/center/home.x

http://www.securityfocus.com/

http://www.us-cert.gov/



Best Regards

Raymond Macharia 


-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of
S. Oduor
Sent: 2008-04-28 00:28
To: Discuss at afrispa.org
Cc: afnog at afnog.org
Subject: Re: [afnog] [AfrISPA.Discuss] Securing our network

> What is Africa doing about security,  specially the government, and the
ISP's.  > Can anyone from local ISP share how they fight or if there is
such a
>community where African ISP share knowledge and experience, DoS attack is
>getting advance, and hard to stop. I know in the US, we try our best to
stop, in >advance, but deploying tools like Ciscoguard, and other tools,
that kind of >pre-detects the health of the packet, We all though V6
would provide more >security,  but it seems that is not case.  I would
like to hear how other fight this
> nasty fight.

Hi,
I would talk about this on ISP level since this is my area of expertise,
The internet being a global  community  ISP's in Africa also deploy the
same technology used in other continents to stop any sort of attacks in
advance.  One of the communities African IT engineers share knowledge and
experience is through this mail list Afrispa and Afnog. There are several
other malling lists available locally in my country kenya but one thing is
that internet is a global venture I personally have subscribed to NANOG
and much other mailling lists to share knowledge not in Africa. Besides
that we had a group composed of several IT engineers and we would meet on
Friday evenings for a cup of coffee and talk on matters relating to
challenges in the vast IT industry to enhance our knowledge base geared
upon meeting resolutions in a timely manner.

To tackle a little bit on security ,  its impossible to offer 100 %
security level based on any network model.  On Network & Application layer
what I operate in terms of regulating security are:-
 1. Intrusion Prevention measures which include firewall set-ups, patching
up of softwares discovered to have some security hole and trying  much to
stick with open-source software for a server being set-up for high 
delivery since its proven better over windows in the test of time and you
can always find guyz ready to help you free with bugs on the global
community.

 2. Intrusion Detection which identify security flaws within the
system/network   this either sends a text msg or email alert to my phone
seeking intervention of a flaw or suspected flaw. In worst cases of DOS
attempt we can have all that  malicious subnet dropped from both the
network and application level automatically.

3. Awareness creation - This basically involved advising customers on best
industry standards with respect to security.

4. Back-ups - Of course this is when the worst happens  you need a
restoration point  or an alternative to ensure redundancy this is what I
practice using automated scripts on application level and different mode's
for the network.

Above is what  is mostly practiced in much African ISP's. In my scenario 
much of it t is currently going to the budget allocation to buy more
products that have been geared with security in mind this also apply to
application softwares that are more robust in terms or security to reduce
the effect of this menace.

Their is no direct set-up rules and procedures to govern  internet crime
in most countries. This is one thing that should be on the pipeline but it
would eminently require lots of international support probably the UN
level since this would harmonies international laws.  Right now my country
hopes to get fibre connection linking it to the rest of the world and the
focus should highly shift to security with faster speeds of up to 50 ms 
unlike current not less than  600 ms which somehow deters malicious chaps
from interest in exploits. With the fibre we will have a greater challenge
to regulate flawlessness due to the faster speed and also because more
people would embrace the internet to boost their business presence.

Much Rgds
Sam Oduor.



















-- 
..:. loyalty .:..
  God said: Don't pray to other gods or even mention their names.
  Exodus 23:13


-----------------------------------------
This email was sent using Accesskenya Group Ltd Webmail.
   "Winner of 5 COYA Awards 2007, Now Listed on NSE: ACK !"
http://www.accesskenya.com/

_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog




More information about the afnog mailing list