macedonian customs administration it survey
advertisement
Macedonian Customs Administration IT Survey Equipment Description of servers, workstations, laptops and similar: the type, brand name, approximate date of manufacturing, processor architecture/type/speed, RAM, HDD capacity, available interfaces 1 Server Compaq ML350 2000 2xP-III 800MHz 512 MB 9 – 36 GB SCSI 15 2 Server Dell 6300 1997 2x P-II 512 MB SCSI RAID 18 GB 3 3 Server Dell 1300 1997 P-II 64/128 MB 4.5 – 18 GB SCSI 17 4 Server IBM x205 2004 P-IV 512 MB 36 + 72 GB 1 5 Server IBM Netfinity 3000 2003 P-IV / / 1 6 Server HP 2004 P-IV 512 MB 7 Server IBM x346 2006 P-IV 8 Server Alpha ES45 2004 AlphaCPU 1.25GHz 16 GB 36 GB 1 9 Server Alpha ES45 2004 4xAlphaCPU 1.25GHz 32 GB 18+72 GB 2 10 Server Compaq DL380 2004 P-III 1.2GHz 1.2 GB 2x18 GB 2 11 Storage Compaq 2004 / / 120 GB 1 12 Storage Compaq Storage Works 4354 2004 / / 10x72 GB 1 1 3 13 PC Compaq Evo D310/D510 2004 P-IV 1.7/2.0 GHz 512 MB 40 GB 270 14 PC HP dx2000 2006 P-IV 3 GHz 1 GB 80 GB 50 15 PC Compaq 2000 P-III 800 MHz 64 MB 20 GB 130 16 PC Dell, IBM, other 1995 + P-II 32 MB 6-20 GB 20 17 PC Fujitsu Siemens 2007 Dual core 512MB 80 GB 260 18 Laptop HP 2007 Core2Duo 1GB 80 GB 15 19 Laptop Compaq, HP 2003 + P-IV 256-1 GB 36-72 GB 30 20 Server HP ProLiant DL360 2007 Xeon 3GHz 1-4 GB 146-512GB 3 21 Server HP Integrity rx6600 2007 2xdual core 64 Itanium 2 16 GB 8x73 GB 1 22 PC Online daten 2008 Dual core 1 GB 80 GB 105 Equipment printers, scanners and all other devices: the type, brand name, approximate date of manufacturing, available interfaces Type Brand Man. Interfaces # 1 Laser printer HP 2200, 1300 2004+ Network 70 2 Printer Epson LQ 300, 570, 1070 1997+ Serial 100 3 Printer Oliveti, Minolta, other 1997+ Different 50 4 Scanner HP ScanJet 5550 2004 USB 20 5 Laser printer Xerox PHASER 2007 USB,Eth 40 6 Scaner Xerox 2007 USB 20 Equipment purchased from EU-funds? 2008, 105 PCs, 30 printers, 18 routers and network equipment, projectors, 25 CCTV Speed dome cameras... Equipment The preventive maintenance is performed in the following areas and on the basis of the following rules: Preventive maintenance of PC’s, peripheral equipment and network is done by ICT Sector staff, on every visit to the customs office or department (minimum once in 2 months). Servers are monitored on daily basis. Corrective actions are performed by our staff Networking and installations LANs (Local Are Networks) within MCA: 40 Topology: Fastethernet Number of nodes: 40 Type Brand Man. Loc. # 1 Router Cisco 1751 2003 Different 22 2 Router Cisco 2811 2007 Different 18 3 Router Cisco 3600 2003 HQ 2 4 Router Cisco 3660 2003 HQ 1 5 Router Cisco 3825 2007 HQ 1 6 Switch Cisco 3750 2006 HQ 8 7 Switch Cisco 2950 2003 Different 20 8 Switch 3-Com, Intel, other 2001 Different 10 9 Firewall ASA 5510 2006 HQ 1+failower 10 Firewall Sonicwall G250 2003 HQ 2 (outdated) 11 Firewall Sonicwall SOHO3 2003 Different 30 12 Switch Cisco 2960 2007 Different 9 Networking and installations Interconnection and connection type. - all locations are interconnected: BCPs and airports through SDH (MoI); and FrameRelay for backup Inland CO through VPN; Internet (IPSec) Some locations use PPP connection Networking and installations Protection from power breakdown UPSes used from different vendors, with different year of manufacturing, most of them recharged. All critical network and server equipment is powered through UPSes, some PCs also. Power generators in MCA HQ and also in several BCPs. In the HQ, there is separate power line for the devices mentioned. Software and databases For servers: Tru64UNIX, Unixware, Windows 2000, Windows 2003, RedHat Linux, AIX; For PCs: Windows XP and Windows Vista; software tools in use (office suites, graphic editors, etc.), - Oracle development tools (form designer, reports), Visual Studio, Java tools; OS-es in use specific software in use , - Asycuda 1.17d- Customs Declaration Processing Software; - Other in-house developed software for next purposes: - Customs offices daily registers, - Internal customs warehouses, - Quota management; - Customs guarantee management system; Software and databases - Trend Micro; antivirus software in use databases in use (type, architecture, users) Oracle 9i/Tru64UNIX/8 CPU licenses Informix 7.22/Unixware2.1.3/40 server licenses MS SQL 2000/Windows 2000/1 server license MS Access/WindowsXP/ different number od users Software and databases - All PCs are with licensed OS (Microsoft), all servers and databases are licensed. - Software is localised (i.e. it supports Macedonian language, Cyrillic alphabet), where applicable, e.g. OS for PCs and customs software; - For Asycuda system (Unixware, Informix, Asycuda server/client) ICT Sector is responsible, for PC OS and Office suite also, other software installations depend of the software developer. - According to ICT general policy, the ICT Sector has already started implementation of security policy through Active Directory (LDAP) to limit the personal user installation. Documentation, Procedures, People and Education – organisational structure ICT Sector ICT Sector(38 - 21) Assistant Director Development department (7 - 7) Head of Dep. (1) Application Developer (4 - 4) Project Manager (2 - 2) Application support department (12 - 5) Head of Dep. (1) Statistics and analytics Unit (3 - 1) Head of Unit (1) Applications adminsitrator (6 - 1) Data warehouse and analytics administrator (2 - 0) Technical support Department (18 - 8) Head of Dep. (1) System engineer for OS and IT Networks (1 - 1) OS Administrator (2 - 1) System engineer for databases (1 - 1) User Support Unit (6 - 2) Head of Unit (1) Database Administrator (1 - 0) IT Security Administrator (3 - 0) Network Administrator (1 - 0) PC technician (5 - 2) Help Desk operator (2 - 2) Network operator (1 - 1) IT Security Unit (4 - 1) Head of Unit (1) Documentation, Procedures, People and Education) The technical support department is responsible for any kind of ICT equipment relocation. The decisions are made with consensus, the job is physically done by department staff, reconnection also. For bigger, more complex relocation, different companies are engaged. About 900 people use IT equipment There are about 600 PCs, each employee in HQ uses PC, the PCs in customs offices are shared among staff. The training is organized on demand, by the training department. Security of data and communication Back Up ○ The backups are made on daily and weekly basis for the databases. ○ The technical support department is responsible for ensuring the implementation of an effective back-up strategy for serverheld software and data. Security of data and communication Anti-Virus Protection ○ As a part of general ICT policy, the antivirus application is implemented on each PC in the corporate network; ○ User support unit is responsible for the implementation of an effective Anti-Virus protection. ○ 500 antivirus user licences. Security of data and communication Passwords and accounts ○ ○ ○ ○ ○ Network, servers (OS), databases, e-mail, … are password-protected? There are restrictions for the passwords creation. (minimal length, composition of letters & numbers etc.) User support unit is responsible for creation of network and e-mail accounts and system permissions User support unit, application support unit, based on information provided by HR Sector are responsible for removing or changing user accounts There is general policy; the access to the system and the privileges are defined according to job position. Security of data and communication Encryption On network level (point to point) there is secure tunnelling E-mail/Internet We have leased line Internet connection with 5Mbps Two pool of public IP addresses Two DNS Servers -All section in Customs Administration Headquarters and heads of Customs Offices have access. Content filtering is implemented. By using firewalls and intrusion prevention system networks are protected from the potential attacks from the Internet. E-mail/Internet Users have access only for http and https ports Restriction for all executable and compressed file (exe, bat, rar, zip ect..) Restriction for all audio and video file (mp3, avi, mov, ect..) We use 32 public address for our public services (web, smtp, pop3, NAT for Asycuda servers) We monitor continually statistics about, but we don’t research use and content of e-mail accounts. There is random examination of users Internet activities, performed by IT Security staff. Special equipment Container examination and X-ray facilities Trace-Particle Detectors and/or mass spectrometers Closed Circuit Tv (CCTV) and (ANPR) There is active system with 240 cameras. Questions and Suggestions? 25
