Εργασίες του ΟΤΕ για το δίκτυο VDSL

Διάβασα στην Xanthi press ότι ο ΟΤΕ ο ΟΤΕ «εγκαθιστά το πρώτο δικτύο οπτικών ινών νέας γενιάς VDSL στην Ξάνθη». Καταρχήν δεν είναι το πρώτο δίκτυο οπτικών ινών και δεν είναι δίκτυο οπτικών ινών με την έννοια του ότι η ίνα δεν φτάνει ούτε στο χρήστη ούτε στο κτίριο του. Ο χρήστης συνδέεται με χαλκό με την μόνη διαφορά ότι ο εξοπλισμός xDSL βρίσκεται στο ικρίωμα (ΚΑΦΑΟ) του ΟΤΕ σε σχετικά κοντινή απόσταση με τον χρήστη.

Σε όλη την Ευρώπη οι τηλεπικοινωνιακοί πάροχοι με δεσπόζουσα θέση στην αγορά, όπως ο ΟΤΕ, εγκαθιστούν δίκτυα FTTx με την οπτική ίνα στο χρήστη. Ακόμα χειρότερα, ενώ έσκαψαν όλη την πόλη, η τεχνολογία των σωληνώσεων που εγκατέστησαν και των οπτικών ινών δεν επιτρέπει την περαιτέρω αναβάθμιση σε FTTx. Δεν εγκατέστησαν μικροσωλήνια συστήματα παρά μια ή δύο σωλήνες Φ40 με ένα καλώδιο οπτικών ινών με σκληρό περίβλημα να περνάει μέσα από αυτές.

Όσο, για το πρώτο δίκτυο οπτικών ινών στην Ξάνθη, και αυτό είναι λάθος. Στην Ξάνθη έχει εγκατασταθεί εδώ και χρόνια το ΜΔΟΙ (Μητροπολιτικό δίκτυο οπτικών ινών) του Δήμου Ξάνθης. Το ΜΔΟΙ συνδέει όλα τα κτίρια δημοσίου ενδιαφέροντος με οπτικές ίνες και ενεργό εξοπλισμό, προσφέροντας συμμετρικές ταχύτητες μέχρι 1Gbps (20πλάσια από την μέγιστη ταχύτητα που θα προσφέρει το VDSL του ΟΤΕ). Εδώ και αρκετούς μήνες τα σχολεία της Ξάνθης είναι συνδεδεμένα στο internet με αυτές τις ταχύτητες.

Οι εκπαιδευτικές κοινότητες προσπαθούν, το τελευταίο διάστημα, να βρουν τρόπους για να συμπληρώνουν τις παραδοσιακές μεθόδους διδασκαλίας και μάθησης, χρησιμοποιώντας διδακτικά σενάρια που εκθέτουν τους μαθητές τους σε υλικό του μαθήματος που βρίσκεται στο διαδίκτυο.

Μια διαδικτυακή πλατφόρμα που έχει χρησιμοποιηθεί ευρέως για τη στήριξη της συνεργατικής μάθησης είναι το Wiki, το οποίο επιτρέπει την εύκολη δημιουργία και επεξεργασία οποιουδήποτε αριθμού αλληλένδετων ιστοσελίδων με μια εξαιρετικά συνεργατική μέθοδο. Ως αποτέλεσμα, τα Wikis αποδεδειγμένα παρουσιάζουν ιδιαίτερο ενδιαφέρον για τη συμπλήρωση και επέκταση των διδακτικών σεναρίων.

Ωστόσο, η χρήση των Wikis από τους μαθητές χωρίς περαιτέρω καθοδήγηση έχει αποδειχθεί ότι δεν παράγει τα επιθυμητά αποτελέσματα. Στα εκπαιδευτικά περιβάλλοντα, τα κομμάτια της γνώσης πρέπει να εντοπίζονται εύκολα και να είναι καλά δομημένα.

Στην εργασία αυτή, προτείνουμε τη συμπληρωματική χρήση εργαλείων Νοητικής Χαρτογράφησης για να ξεπεραστούν τα μειονεκτήματα των συστημάτων Wiki και την ενίσχυση της χρήσης των Wiki σε εκπαιδευτικά περιβάλλοντα.

Ο κύριος στόχος της εργασίας μας είναι να παρέχει στους μαθητές ένα τρόπο για να δομούν συγκροτημένες σχέσεις ανάμεσα στα θέματα, όταν χρησιμοποιούν Wikis. Επιπλέον, παρουσιάζονται τα  διαφορετικά επίπεδα αλληλεπίδρασης μεταξύ των Wikis και των Νοητικών Χαρτών μέσα από τη μελέτη περίπτωσης του διδακτικού σεναρίου εργασίας «Ελληνική μυθολογία»

Εργασία που θα παρουσιαστεί στο 5ο Συνέδριο Καθηγητών Πληροφορικής.

This is a How-To guide for becoming an SNE, when you are working for the Greek Public Administration. The procedures that have to be followed and the permits that have to be obtained by a candidate are documented. While some of them apply to a candidate from any Member State, the particularities of the Greek Public Administration are followed and explained.

Besides of a guide for candidates, this post aims to be an incentive for the Greek Government to simplify this rather complex and time consuming procedure.

Resources: EU's official site for Seconded National Experts, Secondment Rules.

Qualifications and experience required

You must have at least three years work experience at an appropriate level and your employer will need to supply the Commission with a statement of the nature of your employment over the previous year. You should have a satisfactory knowledge of a second Community language in addition to your native language. The EU institution or the Agency that offers the post, usually takes geographical and gender balance into account when considering Seconded National Experts.

Additionally to these requirements, for each post, specific selection criteria will apply. These selection criteria can be a University degree and experience on specific professional areas.

The application procedure

The Seconded National Experts are recruited from EU countries via their Permanent Representations to the EU. The Greek Permanent Representation forwards these requests to the Ministry of Interiors, General Secreteriat of Public Administration. Usually, each month a document is posted with the open calls and adequate time is given for applicants. You can obtain this document from the secretariat's page. Most of the Agencies and Institutions also post the vacancies in their web sites.

You must then complete a European CV, preferably in English, and forward it to the Greek Permanent Representation, Mrs. V. Skalistira, by both mail (admin@rp-grece.be) and fax (003225515619). Pay attention in filling in the field of "DESIRED EMPLOYMENT / OCCUPATIONAL FIELD". Several Agencies and Institutions require that you also submit a custom made application form and / or a motivation letter. You should obtain this form from  their web site.

At some point in time, the General Secretariat of Public Administration, required that you submitted these applications through your employer, so that he is aware of your actions. This, of course, can create problems with your career development inside your organisation, specially when this has to happen in such an early stage. While this is not currently the case, it might return in the future.

Selection Procedure

The applications from the permanent representations of all EU member states, will end up at the Human Resources section of the Agency or the Directorate General (DG) of the vacancy. There, a (three person)  selection committee will be appointed. You are not allowed to contact any member of this committee.

The work flow for the committee is the following:

• They create a list of about 10 candidates to be interviewed, based on their CV's, Applications and Motivation Letters;
• Conduct the interviews and assess the candidates;
• Propose to the director of the agency or the DG a short list of successful candidates.

When you are called for an interview, you will be asked to provide supporting documents to your CV. Also, you have to prepare yourself about the Agency or Unit of the vacancy, it's operation and mandate and the requested expertise. The interview will be held in the working language of the post. During the interview you should expect detailed questions about those subjects as well as a written exam to both assess your knowledge and your drafting skills. Also, any knowledge of third languages will be assessed.

Appointment Procedure

If you made it to the short list of the successful candidates, you might be selected by the director of the Agency or the DG, to be seconded to their service. This will happen through a letter from the agency or DG to your employer through the Greek Permanent Representation, mentioning a starting date usually one month ahead. Your employer should reply to this letter by appointing you or declining the request. While most of the Member States of the EU are more than willing to have public servants of their country seconded to the EU, Greece makes the procedure very painful and time consuming. While in Greece you need approximately 4 months to get the approval for the secondment, in other EU countries this takes 15 days. Where in the case of declining, there might never be a response, which of course is rude.

According to the article 7 of the Greek Law 3320/2005 (FEK 48/A) the following procedure has to be applied:

1. You should send a request petition to your employer's Human Resources Department  in addition to the letter from the Greek Permanent Representation.
2. The documents are forwarded to the staff committee that has to give its approval. The staff committees usually convene once a month.
3. On the positive outcome, the decision for the secondment is scribed and forwarded for approvals through the chain of hierarchy up to the level of the minister, if you are a national public servant. This can take from 10 to 20 days.
4. If nobody stops the procedure (and the invent numerous ways to at least lag it), the decision returns to the HR. Then they have to forward it to two other ministries to obtain the approval of the minister of interiors and the minister of economics. This can only happen in sequence and not in parallel.
5. For the ministry of interior, your HR has to forward the decision to the ministries "Human Resources Directorate, Changes Department (Δ/νση Διοίκησης Ανθρώπινου Δυναμικού, Τμήμα μεταβολών)", Vasilis Sofias 15, Athens.
6. The decision will get approvals of the chain of hierarchy up to the vice-minister of interiors. This can take from 10 to 20 days. If the hierarchy discovers problems in the preparation of the document, they will return it for edits back to the HR of your ministry. Of course, this adds time. Generally speaking, you should not have any problems obtaining the authorisation from the ministry of interiors.
7. The decision is returned to your ministries HR department to be then forwarded to the ministry of economics.
8. Fo the ministry of economics, your HR has to forward the decision to the "General Accounting Office, Directorate D21, Section C (Γενικό Λογιστήριο του Κράτου, Διευθύνση Δ21, Τμήμα Γ)", Panepistimiou 37, Athens.
9. Again, the same procedure as in step six (6) is applied. The vice-minister is again the one that authorises.
10. The decision is returned to your ministries HR department, where they should put through the decision and forward it to the agency or the DG through the Greek Permanent Representation. This will also take 10 days.

This procedure can be slightly different if you are an regional or local civil servant or a servant in a authority or organisation that is either independent (e.x. Data Protection Authority) or loosely related to the public administration (e.x. Managing Authority of the Operational Program). This means that you might need the authorisation of more or less roles.

When, the letter is received by the Agency or DG, they will officially ask you for a new staring date. Before you start your secondment, they will ask you to provide several documents:

• A letter from your social security, that you will remain under the social security and pension schemes provided by the Greek public administration.
• A certificate of permanent residence that you have to obtain from your Municipality.
• Forms that have to be filled and signed from you and your employer.

Please note that the duration of the secondment, as will be noted in the decision that you will obtain by your employer will by backdated. Meaning that it would have started before the date that the decision is issued or forwarded to the Greek Permanent Representation. This means that your secondment time will be effectively shorter than you expected.

Please provide me with your feedback on the procedures that were followed for your cases, so I can amend and correct the document.

Events that might hinder your secondment

In the (likely) event where an election procedure happens to take place during the period that the decision for your secondment is being processed. The procedure has to be paused and resumed after the elections.

In the (also likely) event where one of the three authorising ministers changes having signed the authorisation, the new minister taking office has to re-authorise it.

Conclusions

Its is obvious that the procedure followed by the Greek Administration is inefficient. Thus, the relevant law should change. Specifically, as this law applies to seconding Greek Public Servants to all International Organisations where Greece participates and given the fact that Greece as all other EU member states wants to have Greek public Servants Seconded to EU Agencies and Institutions, a new simple procedure has to be applied for this case. This has to be amended either by law or as a clarification to this law.

This procedure for secondment to an EU Agency or institution, where the Agency or Institution pays all the foreseen allowances :

• Should require only the endorsement of the Staff committee of your organisation
• and the authorisation should be given by the General Directorate for Human Resources.

Please, give me your feedback on the feasibility of such a procedure.

What is DNS?

In our modern way of living we are using digital identifiers to perform a number of tasks. We use digital identifiers to visit a web page, i.e. we enter the unified resource locator (URL) in the address bar of a web browser, to send an email, to login at page or program, to dial a number and in plenty more circumstances. In most of the cases, these digital identifiers are used to lookup up a secondary or another format of information. When we are visiting a web page the URL is used to lookup among other things the IP address of the internet server that hosts the page. The IP address is used by our client to connect to the server.

The Domain Name System (DNS) is the protocol and the worldwide system that associates a category of digital identifiers, called domains, to a variety of data. DNS is a distributed, hierarchical system. There are a lot of islands of information, each authoritative for a number of domains. These islands are called zones. The authority for each subdomain is delegated by referrals to other islands of information, i.e. other servers, possible remote and under another authority’s control. It is clear that no authority has or can acquire full knowledge of the available data. It should also be noted that any authority could host any zone it wishes, but this will only be accessible if a parent zone delegates authority to it.

Today the DNS is used widely in looking up IP addresses from domains and the reverse, application servers, i.e. mail servers, and hosting tables of hosts, i.e. hosts that are known to generate SPAM and we wish not to receive mail from. Other, emerging uses of DNS include the association of phone numbers with IP addresses to use it with VoIP and RFID’s code lookup to sources of information. Plenty other DNS uses are foreseen in sensor and peer to peer networks. The frequency of use of DNS is also very high. Every email sent creates 3 or more DNS lookups, while every web page needs a few lookups as well.

DNS is a widely deployed system. It is estimated that there are more than 2 million DNS servers on the internet. But, DNS is also used in the private intranets and local LANs. The estimated number of DNS servers in such private networks is more than 10 million.

How does DNS work?

There are several entities involved in DNS and a lot of interactions occur during the lookup of the data associated to a domain, as shown in Figure 2. The stub client () that wants to get the associated data of a domain sends the request to a recursive resolver (). The recursive resolver, which is usually provided by the user’s ISP, will traverse the DNS authoritative servers (), starting from the root, to retrieve the data and return them to the stub client. Each recursive resolver is configured with an entry point to the DNS which is the root zone.

What are the known threats?

There are three different types of communications in DNS. The obvious ones are the communication between the stub client and the recursive resolver and the communication between the recursive resolver and the authoritative servers. The third type of communications is the one used between authoritative servers to synchronise the zones, after zone changes. Most of these communications are performed by exchanging User Datagram Protocol (UDP) packets that are being matched and essentially protected by the UDP source port and an application defined query ID.

The identified threats to DNS communications and components are being listed in RFC 3833 and they are:

• Packet Interception - man-in-the-middle attacks
• ID Guessing and Query Prediction
• Name Chaining - Cache Poisoning
• Betrayal By Trusted Server
• Denial of Service
• Wildcards insertion

The most dangerous attacks are those by which the attacker gains control of a zone, meaning that he is presented as authoritative server for that zone to a part of the internet and can modify the data returned to the user. In most of the cases this is used to impersonate a web site. There are plenty of web pages explaining how this attack can be performed, but in principle it affects a recursive resolver at a time by guessing the source port of its query to an authoritative server and the corresponding query ID and installing a false delegation for that zone, as shown in Figure 3. This kind of attacks, which are called cache poisoning attacks, where observed first in 1989 and variations of it come to light continuously.

Ellaborating on the cache poisoning attacks

A variation of this attack, the fast poisoning attack, by which an attacker can gain control of a zone in a matter of seconds, was discovered in July 2008. The industry reacted fast and in coordination and a patch released that randomised the Query ID and UDP source port for each request, decreasing the possibility for success of each packet in this attack from 1 in 2^16 (roughly 66 thousand) to 1 in 2^32 (more than 4 billion). This patch has been installed in the majority of recursive resolvers and solved the problem temporarily. It is proven that with gigabit connectivity someone can still succeed in this cache poisoning attack in 10 hours. This limits the problem at this point of time in enterprise networks, which of course can be accessed by attackers through some other security flaw or an infected laptop or a disgruntled employee. Furthermore, it is only a matter of time for the increase of speed in internet connectivity to allow these attacks to be performed through the public internet. So, another permanent solution to the problem is needed.

If a cache poisoning attack succeeds, then there are several types of attacks that the users of that recursive resolver are prone too. The simplest attack is redirecting the traffic to another malicious server. This can influence:

• web traffic, by displaying other content than the intended, performing phishing attacks or installing malicious software;
• mail traffic,  by eavesdropping on confidential mail without leaving any traces;
• voice conversations, by eavesdropping and obtaining credentials to services, and plenty more.

Even Secure Sockets Layer (SSL) protected traffic is prone to attacks if further to traffic redirection a SSL weakening attack is performed that could accomplish cipher specification weakening.

How can we be protected?

Against this background it is clear that the DNS is still far from being secure. The existing flaws can affect the public internet users as well as the enterprise users. The ISP’s recursive resolvers as well as those used by enterprises have to be secured. For the communications that occur between the DNS entities, widely deployed and proven solutions exist for those between stub clients and recursive resolvers and between authoritative servers. A solution has to be established for verifying the authenticity and protect the integrity of the DNS data in the communications between the recursive resolvers and the authoritative servers. This solution will definitely involve digital signatures and a form of Public Key Infrastructure (PKI). One such solution is the use of DNSSEC. DNSSEC is a security extension to the DNS that, if deployed, can solve the cache poisoning problem.

Before its widespread deployment DNSSEC has to overcome several obstacles. First of all is the issue of trust of authority. It has to be decided if the entire internet trusts a single authority to sign the root zone of the DNS or another distributed approach has to be followed. Whatever solution is chosen, the supporting security architecture has to be defined. Another obstacle is the scarcity of automation tools for handling DNSSEC zone operations. In DNS, an error in the syntax of a zone can have a small or no impact at all in the reachability of the zone while in a DNSSEC enabled zone, an error can mark the zone bogus and unreachable. Moreover, tools have to become available for the end users. Enabling DNSSEC on stub clients and notifying end users about the authenticity of the data will raise their awareness on the dangers and help them make educated decisions on trusting a content provider.