MOR Data Center and Network Infrastructure Consultancy Service Project
MOR Data Center and Network Infrastructure Consultancy Service Project
MOR Data Center and Network Infrastructure Consultancy Service Project
Project
Network and system infrastructures
Version: 1.2
By
Information Network Security Administration (INSA)
Approval form
Abbreviation Definition
MoR Ministry of Revenue
Minister of Revenues (MoR) has requested for a data center and disaster recovery center
network infrastructure in order to run the different applications and activity of the institute.
Minister of Revenues (MoR) has been engaged in different information technology activities in
the past and INSA has collected all the necessary information during the site visit, technical
group discussion and using questioner. In response to the requirements a secure, reliable and
manageable infrastructure that can server as the backbone to the existing and upcoming activities
of the organization is designed. While price, performance, ease of management and scalability
issues continue to remain key requirements, the network infrastructure has to support the mission
critical application that will be deployed on top of this infrastructure. This project is aimed at
addressing the above-mentioned issues as per the envisioned software architecture delivered by
the To-be document of the requirement analysis. This document addresses the proposed possible
network infrastructure design, server and storage, material and operating environment
requirement for the goal of maintaining a stable, responsive, reliable and secure Local Area
Network (LAN), Data Centre network and wide area network (WAN). In this high-level design,
the security risk and vulnerability analysis are done to come up with a full-fledged security
design. The document also addresses the impact of the network design on the daily activities of
MoR.
Introduction
Minister of Revenues (MoR) is a governmental organization in Ethiopia which is responsible for
collecting and administration for both domestic and customs tax. Therefore, performing those
tasks in manual procedure is very tedious and ineffective. MoR deployed Customs Management
System (Asycuda++) for customs tax administration and SIGTAS (Standard integrated Tax
Administration System) for the management of domestic tax administration. The realization of
MoR service will create high reliance on the cyber space to facilitate tax collection and
administration processes. However, due to the nature of cyber and importance value of the MoR
systems and infrastructure might be prone to different cyber-attacks. Many threat agents like
cyber criminals, hackers, attackers, terrorist groups, insiders, enemy countries, and other
motivated individuals or groups may launch cyber-attacks. Due to these attacks, the MoR might
face a huge risk in losing its valuable assets. This document outlines the current network
infrastructure's computing and storage capabilities, along with a gap analysis conducted by
INSA. Additionally, it provides recommendations for the implementation of a new infrastructure.
Objectives
The objective of this document is to provide brief overview of the existing ICT infrastructure and
network security in order to briefly list and know new requirements of the MOR in all ICT areas.
This document will also help to prepare future documents likes of HLD and RFP.
Scope
The below map illustrates how MoR network is physically connected. The design has a
Redundant Core Switches and Routers. The network is made up of several segments, including a
core network, server farm, DMZ (demilitarized zone), and an internet segment. The core network
is the central part of the network and contains the most critical devices, such as the servers and
storage. The DMZ and Internet zone is a buffer zone between the core network and the internet
that contains less critical devices, such as web servers. The internet segment is the connection to
the public internet. The network uses a variety of devices, including routers, switches, firewalls,
and load balancers. Routers direct traffic between different segments of the network. Switches
connect devices within a subnet. Firewalls protect the network from unauthorized access. Load
balancers distribute traffic across multiple servers to improve performance.
Existing Network Infrastructure Design
1.1 List of the Network and Security Devices.
No Device Vendor Full Model Qty End of SW End of New End of Last Date Remark
Maintenan Service Vulnerabilit of
ce Attachment y/ Security Support:
Releases Date: HW Support: HW/SW
Date: HW
1 ASR Cisco ASR 1001-X 2 August 1, August 1, 2023 July 31, 2025 July 31, 2025
Router 2023
2 ISR Cisco ISR4321/k9 3 August 31, November 6, November 30, November
Router 2025 2024 2028 30,2028
ISR4400 1 August 31, November 6, November 30, November 30,
2025 2024 2028 2028
3 Core Cisco 6807 -x 02 April 30, April 30, 2023 April 30, 2027 April 30, 2027
switch 2023
4 L3 3560 G 2 January January 30,2014 January 30, 2016 January 31,
switche 30,2014 2018
s C9300 5
C3850 1 May 30, 2024 May 30, 2024 May 31, 2028 May 31, 2028
5 ZTE 3
switch
6 Brodcat HP 2
e Brocade
switch
7 Access Cisco C2960 2 October 31, October 31, 2015 October 30, October 31,
switch 2015 2017 2019
8 Firewall Cisco ASA 5510 01 August 25, September 16, September 30,
2018 2014 2018
ASA 5516-X 01 August 25, August 2, 2022 August 31, 2026 August 31,
2018 2026
ASA 5555 September 2, September 2, September 30, September 30,
2023 2023 2025 2025
Fortinat FortiGate 02 10-04-2015
e 1500D
09 Sophos XG 650 02 Not declared Not declared Not declared Not declared
10 Load Alte 02 EOL
Balanc on
er NG-
Radware
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: