..

: ..

: 4.053.333,33

: 1.946.666,67

:12

:

: HH/MM/EE

: 327506

ii

viii

11 :

12

13.1

131.1

131.2

131.3 ( )

131.4

141.5

171.6

171.6.1 DC A

171.6.2 DC B

221.6.3 DRC

26.2,

262.1

262.2

272.2.1

292.2.2

302.2.3 &

302.2.4 (Virtualization Platform)

312.3

322.3.1

332.3.2

342.3.3

352.3.4

362.3.5

362.3.6

372.3.7

372.3.8

382.3.9

392.4

412.5

42.3

423.1

423.1.1

713.1.2

773.1.3

853.1.4 (Virtualization Platform)

903.2

903.2.1

963.2.2 Data Center

1003.2.3 (Hosting) Disaster Recovery Center

1073.2.4

1093.2.5

1223.2.6

1253.2.7

1323.2.8

1353.2.9

1403.2.10

1413.2.11

1443.2.12

1443.3

1473.4

1483.5

149.4

1504.1

1514.2

1514.2.1 1 - ,

1544.2.2 2 -

1614.2.3 3

1674.2.4 4 -

1684.2.5 5 -

1724.2.6 6 -

1754.2.7

178.5

1785.1 ,

1785.1.1 &

1785.1.2

1795.2

1795.3 -

1805.4

1805.4.1

1805.4.2

1815.4.3

1825.4.4

183.6 (SLA)

1836.1

1836.2 SLA

1846.3 SLA

1846.4 , SLA

1856.5 SLA

1866.6 SLA

1866.7

1866.7.1 ()

1916.7.2 - -

1946.7.3

1956.7.4

197 B:

198B1.

198B1.1.

198B1.2.

199B1.3.

199B1.4.

201B1.5.

201B1.6.

202B1.7.

203B1.8.

204B1.9.

205B1.10.

206B1.11.

212B1.12.

213B1.12.1.

216B1.12.2.

219B1.12.3.

223B1.12.4.

227B1.12.5.

231B1.12.6. -

232B1.13. /

232B1.13.1. /

232B1.14.

232B1.14.1. (capacity)

233B1.14.2.

239B1.15.

240B2. -

240B2.1.

241B2.2.

245B2.2.1.

245B2.2.2.

248B2.2.3.

249B2.2.4.

249B2.3.

249B2.4.

250B2.5. -

251B3.

251B3.1. ,

251B3.1.1. -

255B3.1.2.

255B3.1.3.

256B3.1.4.

257B3.1.5.

259B3.2.

260B3.3. -

261B4.

261B4.1., ,

263B4.2.

264B4.3.

265B4.4.

268B4.5.

272B4.6.

273B4.7.

273B4.8.

275 :

2761.

2771.1.

2781.2.

2791.3.

2802.

2823.

2833.1. (Privileged User Password Management)

2943.2. &

3083.3.

3213.4.

3303.5. & (Security Information & Event Management System)

3413.6. / (Network Admission/Access Control)

3513.7.

3593.8. (Identity Management)

3743.9.

3813.10.

3883.11.

3973.12. (Web Application Firewall)

4063.13.

4223.14. (VTL)

4313.15.

4403.16.

4553.17.

4663.18. (UPS/Batteries)

4733.19.

4793.20. &

4923.21. virtualization

5113.22.

5153.23. Data Center

5173.24. Disaster Recovery Center

5253.25. (Server)

5343.26. Ethernet &

5383.27. Ethernet

5423.28.

5423.28.1

5503.28.2

5543.28.3

5623.28.4 (Hosting) Disaster Recovery Center

5653.28.5 Data Center

5693.28.6

5713.28.7

5803.28.8

5853.28.9

5923.28.10

5993.28.11

6083.28.12

6133.28.13

6163.28.14

6253.28.15

6333.28.16 (SLA)

6364.

6364.1.

6364.1.1 (.2.2.)

6394.1.2 (.2.3)

6414.2.

6434.3.

6444.4. ( SLA)

6444.4.1 1

6454.4.2 2

6464.4.3 3

6474.4.4 4

6484.4.5 5

6494.5.

6494.5.1

6504.5.2 ()

6515.

6515.1.

6525.2.

6525.3.

6525.4. /

6525.5.

6536.

6536.1.

6716.2.

..

, , &

.

( CPV):

30233100-2: .

48730000-4

48000000-8

72253200-5

72261000-2

79132100-9:

80533100-0

51611100-9

50324100-3

50324200-4

.

http://www.ktimatologio.gr

( )

33

(4,053,333.33) ...

, 1.946.666,67 .

( ) .

( ) , 075/4 075/9 201107540002 201107590002.

.

(12)

8

..//2014 13.00

//2014 13.00

, 288, 1552,

//2014

/.../2014

../../2014

:

- Data Center Computer Room

HL7Health Level 7

ISOInternational Organization for Standardization

PKIPublic Key Infrastructure -

SANStorage Area Network -

SLAService Level Agreement -

Virtual Private Network -

.1

1.1

. ( ).

, , . .

.

1.2

.., , .. ( 81706/6085/6-10-1995/ 872/19-10-1995) . 4164/2013 .. ( ..).

, . , , , .

5 . 2229/1994, 2190/1920, . 2308/1995 .2664/1998, . 3899/17-12-2010 . 3429/2005 " ".

.. .

1.3 ( )

.

1.4

, , .

, , , .

. , :

1. , , . , . , .

2. , , .

3. (, ) .

4. , .

5. , , . .. www.ktimatologio.gr

1.5

.. 380 , , :

&

&

&

:

1.6

. (Data Center) . Recovery Data Center .

Data Center (DC A), . (.. e-mail, document management, ).

Data Center (DC B), ., .

. , , .

1.6.1 DC A

. , , email, Active Directory, VoIP . . .

DC A VPN , 4 Mbps.

(e-mail, browsing ), . .

DC A, , :

(1) Router Cisco

2 Firewall, .

(4) fast Ethernet switch Cisco Catalyst 2950.

(1) firewalling + Proxying

1.6.2 DC B

DC B . DC B ., (2) (Cisco 6500). Active-to-Passive. , , .

DC B ., (2) Supervisor Engines. (2) Supervisor Engines Active-to-Passive. Non-Stop Forwarding (NSF) Stateful Switchover (SSO) routing switching Supervisor Engine .

(6) Gigabit . Gigabit EtherChannel 12 Gbps full-duplex.

A1.6.2.1

:

() Fujitsu-Siemens. , , Itanium2 Xeon EMT64 , 64-bit, Intel. 16 , RXi600 59 , RX300S3.

Symmetrix DMX3 EMC high-end . DMX3 System Storage. Storage :

) 66 300GB 10 2 Hot Spares.

) 48 500GB 7,2 4 Hot Spares. EMC ControlCenter.

CLARiiON CX480 EMC . H EMC Navisphere Manager Suite.

iSCSI & NAS, NS42G Gateway, EMC.

, Primary & Disaster Sites Scalar i500, Fujitsu Siemens.

Storage Area Network (2) FC switches EMC, Connectrix DS-4700M.

Storage Area Network Primary Datacenter (2) FC Directors EMC, Connectrix ED-140M. 88 FC 1/2Gbps. Connectrix Manager.

replication multi-protocol router EMC MP-2640M.

Cisco Systems. (3) Cisco router 7606.

(LAN, WAN) Cisco Systems. (3) switches, Catalyst 6513 Cisco Systems. , (2) Supervisor Engines, (2) redundant . switches, , . , Service Modules:

Firewall Service Module. .

Intrusion Detection Service Module. .

SSL Service Module.

Content Switch Service Module.

Network Analysis Service Module. , , ,

(Servers)

200 servers Microsoft Windows 2003 R2

50 servers Microsoft Windows 2008 SP1

34 servers Microsoft Windows 2012

16 Linux servers

EMC Unisphere & ECC, Oracle Grid, Cisco LMS & VMS.

CA Spectrum eHealth, Microsoft System Center Suite (SCOM, SCCM, Orchestrator).

: Oracle Database Server 10g (8 Node RAC Primary + 4 Node Disaster RAC) Linux

Web portal : MS SQL 2005

Web portal MS SQL 2005

ERP SAP ECC 6.0 Oracle Database Server 10g .

CRM SAP 7.0 Oracle Database Server 10g .

SAP BW Oracle Database Server 10g .

: MS SQL 2005

www.ktimatologio.gr: MS SQL 2008 R2

(8) Apache Reverse Proxy Servers

(GIS), ESRI.

.NET Framework, .

(LDAP, SSO) (PKI), Windows Server 2003/2008. USB tokens Aladdin.

.

Authentication

, ( VPN)

proprietary

, ( VPN)

proprietary

, ( VPN)

Active Directory

Active Directory

Active Directory

Active Directory

, Internet

Active Directory

Portal e-

Internet

Active Directory

UPS Symmetra PX APC. UPS +1, 2(+1). UPS 80KW, , 10KW, , , downtime.

. (2) 400 KVA (IVECO), , , 400 .

1.6.3 DRC

Disaster Recovery Site Data Center. Data Center.

development staging. , . Disaster Recovery Center :

Production. (4) RXi600 (9) RX300S3.

Services. (8) RX300S3

.

Disaster Recovery Site, (Storage Area Network) fiber channel, (2) ( ) (tape library backup).

, . FC switches. ( Data Center) , SAN (2) switches fiber channel, DS-4700-M EMC. (32) FC 2Gbps. FC switch multiprotocol router MP-2640M gigabit IP . SAN , .

, (1) switch, Catalyst 6513 Cisco Systems. , switches Primary Data Center.

:

KVM switches, UNV1116D UNV108D Rextron . Integra KVM2 .

, console concentrator, Cisco2811, Cisco Systems

. , :

/

1.

75

DC

. H :

KT_WEBS

DMZ (7)

Backend (47)

Management (7)

Frond end (8)

Back end (6)

2.

35

DRC

. H :

KT_WEBS

DMZ (2)

Back end (25)

Management (2)

Frond end (4)

Back end (2)

3.

2

DC

:

1xIDS ( )

1xFWSM ( )

1xNLB ( )

1xN ( )

1xSSL accelerator ( )

4.

1

DRC

:

1xIDS ( )

1xFWSM ( )

1xNLB ( )

1xN ( )

1xSSL accelerator ( )

1:

A/A

1.

4

2.

25

3.

6

DC

4.

40

DC

2:

IP :

A/A

IP

1.

160

DC

, ,

2.

100

DRC

, ,

3.

400

4.

150

, ,

3: IP

.

.2 ,

2.1

H .

, .

, 2015, , , ( / ) , , , .., .

, audit . , , .

, 160 , - .

.

2.2

:

2.2.1

2.2.2

2.2.3 &

2.2.4 (Virtualization Platform)

2.2.1

( ) . :

1. - Privileged User Password Management . (2) . (1) (1) . 2 .

2. & . , . (3) & . (2) (1) .

3. & (Security Information & Event Management System) (logs) . .

4. .. (3) . (2) (1) .

5. :

I) .

II) . .

6. / (Network Admission/Access Control) , . (2) / (Network Admission/Access Control). (1) .

7. (Vulnerability Assessment Tool) .

8. (DLP) . (2) ( ) (1) .

9. (Identity Management) .. (3) . (2) (1) .

10. . . (3) . (2) (1) .

11. , .

12. -Web Application Firewall . (3) . (2) (1) .

2.2.2

, :

(14) , , , . .

, . .., :

.

(VTL).

(LTO library).

.

2.2.3 &

( , ):

, ( ) .

(Racks).

, :

--

(KVM switches / Console Concentrators)

(Ethernet switches)

(UPS/Batteries/Power Generator) Data Center .

Data Center .

Data Center .

Disaster Recovery Center.

2.2.4 (Virtualization Platform)

( ) , . (virtual machine) . . 3.1.4

2.3

, :

1.

2.

3.

4.

5.

6.

7.

, , :

8. , . SLA. , , . , .

, . , 22 / , 8 /, 176.

. , ., / , Disaster Recovery Center. . . , , .

2.3.1

. .

, , . DC DRC :

(, ., , , ). .

.

, (2) . , ( 1), ( ). , .

, (1) , .

, . , .

3.2.1.1.1, 3.2.1.1.2 3.2.1.1.3

, , , , (.. , ).

A3.2.1.2.

, .

.

2.3.2

, . , . 2.3.1, , . A3.2.5.1, A3.2.5.2, A3.2.5.3 A3.2.5.4.

.

2.3.3

, ., .

, , , . , . . A3.2.6.1, A3.2.6.2, A3.2.5.4.

.

:

A2.3.3.1 Data Center

Datacenter . 3.2.2.

.

A2.3.3.2 (Hosting) Disaster Recovery Center

, , , ( ) . 3.2.3. .

.

A2.3.3.3

. 3.2.4. . (14), .

.

2.3.4

. . . :

On the job training

.

, . .

, (, ) , . , , , , , . A3.2.7.1

. 1% .

, (1) , A3.2.7.2 . (1) A3.2.7.2 .

2.3.5

:

I. / (technical capability & ability to execute) ( ) ( )

II. .

3.2.8.

.

2.3.6

, . , , , .

3.2.9

.

2.3.7

5 ( ) ( switch) . ( ) , . 3.2.11

2.3.8

., SLA . 3.2.10

2.3.9

3.2.12 :

.

.

(.. , , , ).

, , , , .

2.4

( / ) , , .., . , , , , , . , (500 B ) , , . / .

, , data center .

. , .

, , , ..

, ..

, (Web Application Firewall) .

, , .

, , .

, , ..

, . . .

(open architecture), , / .

2.5

:

1. , . , , (2.1 ).

2. , . , , , (risks/mitigations), (issues) .

3. .

4. , ( & ).

5. .

6. .

7. ..

:

..

.. ( & ).

.3

3.1

, , , :

(Virtualization Platform)

.

.

, .

. .

3.1.1

.. , , , , . .

A3.1.1.1 (Privileged User Password Management)

. .

, .. , . .

:

:

Windows Local Administrator passwords

Windows Domain (Active Directory) Administrator passwords

Windows Service Accounts & Scheduled Tasks passwords

, Linux Admin Passwords

Database Server Admin Passwords (MS SQL, Oracle, DB2, Sybase, passwords)

Security devices/systems Admin passwords

Network devices (routers, switches) Admin passwords

Application - to - Application/DB passwords ( )

Hardcoded passwords in application code, scripts .

:

..

,

/

,

.. / , SIEM.

. , 3.1 (Privileged User Password Management).

A3.1.1.2 &

H , . , (.. malware, malicious mobile code .).

servers Network IPS , Application Level Firewalling .. .

. , .

.

:

Real-time Threat Prevention , . Network IPS Source/Destination IP address, Network subnet, Protocol client application

URL Filtering domain user/group

Application Identification & Control . Source/Destination IP address, (domain user/group)

Antivirus & Antimalware Protection

File Type Filtering - payload . Source/Destination IP address, client domain user/group

Quality-of-Service

SSL Scanning: Web (SSL traffic)

Real-time Monitoring & Statistics , , , , , ..

Logging & Reporting - , , , .. SIEM.

(migration) & (2) Firewall (1) firewalling + Proxying (1) firewalling + Proxying .

. , 3.2 & .

A3.1.1.3 (DLP)

H , . , .

. . .. , Laptops Servers, , , .

, ( ), , : .. USB/flash disks, , , .

. (alerts) .

:

, ,

FTP, web (email)

network shares.

: USB, LAN, Wireless (802.11)

:

(screen warnings) email alerts

. , 3.3 .

A3.1.1.4

. .

Database Security :

User Accountability -

Detailed DB Auditing (query level) SQL query

Database Application protection

(query-level auditing), . .

. .

:

Database Firewall-Auditing/Monitoring Gateway, ( MS SQL, Oracle, .) (. SQL Injection), .

.

.

user names, IP addresses, tables, operations, queries, query patterns, privileged commands stored procedures.

(reporting)

. , 3.4 .

A3.1.1.5 & (Security Information & Event Management System)

(Security Information & Event Management System SIEM) (logs) . .

(.. Correlation, alerts .) servers , (.. Firewalls, IDS/IPS ..) , (alert) .

:

: (Windows, Unix, Linux, ), - , , ,

(logs) . .

:

( )

:

(log retention policies)

5000 EPS (Events- per-second)

(Load Sharing)

(correlation) , (false alarms) .

H . . :

( ) ( )

( ) (Patch level)

Web server DB server ..

(, )

. , 3.5

REF _Ref328664347 \h &

A3.1.1.6 / (Network Admission/Access Control)

H , .

:

/ /

,

, / , :

/

/ ( ) (. Antivirus, personal firewall/endpoint security software, .)

/

, , - , , .

, :

- (switch port)

.

, , , MS Windows workstations/servers, Mac, Unix/Linux systems.

IP . .

/ .

/ :

Network Attributes (IP address, .)

System Attributes (Registry keys .)

.

VoIP (VoIP VLAN)

/ (agent)

- MS Active Directory

-

traffic-manipulation (. ARP Poisoning)

.

/ .

, .

.

& .

.

.

.

. , 3.6

REF _Ref371086238 \h / (Network Admission/Access Control)

A3.1.1.7 (Vulnerability Assessment Tool)

. . .

, :

, , , Web .

, false positives , firewalls, / IPS / IDS systems.

, patch (vulnerability exploitation)

.

/

-

(SIEM)

(network topology analysis)

(application configuration analysis)

(inventory)

- (scheduled vulnerability scans)

- (scheduled reporting)

( )

(agent) (agent-less)

(technical remediation reports) (high level executive reports)

.. , , .

(backups) , , , (reports) .

-

(servers) (security baseline) ( )

: Windows, Unix, Linux MacOS

Web

(exploitation) (Penetration tests)

. , 3.7 .

A3.1.1.8 (Identity Management)

. . (user provisioning) Active Directory, SAP, Web Apps, PKI ..

:

(workflow)

Single Sign On

Self service

(open architecture), :

/

(modular) , , ,

, ,

,

.

(RDBMS) , LDAP V3.

:

, . (role based access control). .

.

. .

SAP .. . . connectors agents .

, . (credentials), .

Identity Federation ( ). Identity Federation (cloud) , . . Identity Federation SSO PKI.

H identity federation cross-domain single sign-on portals extranets ,

Identity Federation SSO , (PKI, SAML). .

. , 3.8 (Identity Management)

A3.1.1.9

:

. () (20.000) (3) .

. , , .

. (certificate requests) (Certificate Practice Statement CPS) . .

, web ( ) . certificate request pending.

, .

email . .

., ( ), .,

, .

.

x.509 RC 5280. EU 99/93 150/2001 .. 342/2002. Web Trust for Certification Authorities ETSI TS 101 456 / (TSL) .

.. 150/2001 .. 342/2002 , .

(windows xp ) . (Public) (Trusted Root CA).

:

(Identification)

(Authentication)

(Authorization)

(Integrity)

(Confidentiality)

(Non-repudiation)

:

Certificate Revocation List (CRL)

Online Certificate Status Protocol (OCSP)

T A3.1.1.10 .

, 3.9

A3.1.1.10

() (Smart Card) USB token (CPU), (ROM, EEPROM, RAM), (Card OS) . PIN . (, ).

( ) , - (-) .

, , , - . , .. 150/2001 295/63 ( 1730).

/ - , .

. , 3.9 .

A3.1.1.11

H .

:

(SMTP/ESMTP)

, ( ) (user group) (.. AD, LDAP service)

, .

Microsoft Exchange Server 2008 Windows 2003, 2008, 2012 Active Directory.

Antivirus . .

spam ( Spam )

Anti Spam (Score Threshold)

. Spam .

(TCP session) .

black lists white lists

(0Day) Antivirus .

True MIME type

(unauthorized relaying).

.

Domains. Domain.

Domain Key signing .

: spoof, phishing, denial-of-service, directory harvest attacks .

(spoofed) bounce.

(Content Filtering) . , , header/body .. , (bounce), , blind carbon copy, header, , , ..

.. malware, spam .

(GUI) .

H (logs) (SIEM) &

(migration) (1) antivirus/antispam .

. , 3.11

A3.1.1.12

. . ., , e-mails, (role based access control). , .. , , . . Open Text eDOCS DM 5.x ., . Open Text eDOCS DM 5.x . .

. , 3.10 .

A3.1.1.13 (Web Application Firewall)

H .

O :

.

(GUI)

promiscuous mode (alert) (block)

(inline bridge)

Denial-of-Service (DoS)

Web SQL injection, Cross Site Scripting (XSS), Session Hijacking, Buffer Overflow, Cookie Poisoning, Denial of Service, Parameter Manipulation, Brute Force Login, Malicious Encoding, Identity Theft, Phishing, Data Destruction, Scanning, Worms Infection, Zero Day Worms, OWASP Top10 .

web & .

web

client http request

HTTP (protocol anomalies .. malformed URLs)

Web XML, SOAP & WSDL.

web :

Read only, ..

web Web :

Date/Time

Client IP Address

Client Hostname

Client application

Number of Events

Event Type

HTTP Query

(migration) , (2) (1) .

. , 3.12 (Web Application Firewall)

3.1.2

A3.1.2.1

, , (14) ., . (11) .

-

-

-

-

-

-

-

-

-

-

-

(1) . , ( ) . , . . , . , ( / ). - , (folder replication).

/ - -, , (graceful shutdown) .

3.16 .

, , . ( 3.1.3 )

3.2.4.

A3.1.2.2

., :

.

, . , , .

IP , NAS (Network-attached storage), .

. .

/ - -, , (graceful shutdown) .

, (VTL ) ( ).

:

500

4 1000Mbps Ethernet .

: iSCSI, NFS(v3 & v4), SMB1 (CIFS), SMB2, HTTP, NDMP, SNMP

1000 NAS

(Thin Provisioning)

(snapshots)

(WORM)

hardware

RAID 1, RAID 10, RAID5 & RAID6

RAID (hot spare) (global hot spare)

3.13

(VTL)

. (restore) (2) (VTL) .

(Virtual Tape Libraries) . , .

:

96 TB ( ).

Ultrium LTO-5 tape format

(restore) 500 48

LTO 5 native 750

drives 18

. 4000

fiber channel SAN

Data Center Disaster Recovery Center. Fibre Channel (SAN).

3.14 (VTL)

, 2 (TL). Data Center Disaster Recovery Center

:

750 TB ( ).

800 GB ( ).

(18) / .

Fibre Channel.

Fibre Channel (SAN) .

3.15 .

(SAN) . (SAN) , .

( ). 800 GB.

, Fibre Channel ( 64 32 ), . .

, 3.22 ( ).

( ) , ( ), . ( ), Fibre Channel.

. , (incremental backups) . - . , , ( incremental backups ). , . .

3.17 .

3.1.3

( , ):

A3.1.3.1

. , . (interfaces) (Ethernet) . ( 2 , 2,4 GHz, 4 ) RAM (( 32 GB) . . (, , ) (backup & restore) .

3.25 ( (Server)).

, ( , ). 3.25, , .

A3.1.3.2 (Ethernet Switch)

(switches), , 30% . (uplinks) (bottleneck).

3.26 Ethernet & & 3.27 Ethernet .

A3.1.3.3

Data Center Datacenter 22 (+/-4 C) 50% (+/-10%) .

(precision air-conditioning), .

, , .

:

: 45 C .

: 80%

Data Center 2,5W 6W Data Center, . , Data Center 22 (+/-4 C) 50% (+/-10%).

rack Data Center .

. (panels, blanking panels, , ) , (Power usage effectiveness (PUE)).

datacenter .

3 40KW 2 120W . , , .

.

Data Center, . , +.

(precision air-conditioning) Data Center , . , , . downtime.

Data Center .

TCP/IP.

3.19

A3.1.3.4

. . Data Center .

. :

(UPS), .

, UPS .

Data Center 2,5KW 6W Data Center, . , 2 UPS&/Batteries 2(+1) Data Center 99,999%.

Data Center, . , 2 Power Distribution Units (+) Data Center Power Distribution Units (PDUs) UPS N+1 (hot swappable) . 2 UPS +1 (hot swappable) , . UPS , , .

UPS Data Center. UPS .

. , UPS . , . 320W 24 . (.. , , ). , (Electrostatic Discharge) . o 3.18 (UPS/Batteries).

A3.1.3.5 (Racks)

& , . standard 19 . , . 2 . , 6KW. blanking panels . (, , ). rack Data Center Disaster Recovery Center 2 , (1) . 3.20

REF _Ref329953144 \h \* MERGEFORMAT & , .

A3.1.3.6

( & ), , ( , , ), .

, :

--

(KVM switches / Console Concentrators)

. , . ( , , PDU, .). , .

, - - isdn , .

3.20

REF _Ref329953144 \h \* MERGEFORMAT & .

, , , .

3.1.4 (Virtualization Platform)

, , . , .

hypervisors , (virtual machines) (abstraction layer) , ( ), (, ) (, ).

/ :

, ,

(email/sms),

(OS, software distribution/patch management) (Backup/Restore)

,

, . & , .

(..: /// , ) (KPIs). - (, ) , .

, (, clouds) . self-service .

.

(hypervisors) , .

, (monitoring and alerting). , (hardware) & (storages, SAN ) (switches, routers, firewalls), . (hypervisor) . (on-off) . , & .

, & , , , & . , . . .

, , , . . .

(deltas) & bandwidth . disk to disk to tape (restore) ( ). , disaster recover. (bare metal restore), . .

. . . (inventory) (software metering) (Desired Configuration Management). ( ) . , ( ).

& , (Problem management, Incident Management, Change Management). (monitoring) , , . , , . (SLA) . ( ITIL).

, . , . . , .

. web-based .

. , 3.21 virtualization.

3.2

3.2.1

A3.2.1.1 . A3.2.1.2

A3.2.1.1

(security tests) . :

(, ., , ). .

. .

.

3.2.1.1.1 .

penetration testing/blind ethical hacking OWASP Testing Guide v3 OWASP Application Security Verification Standard (, , ) ..

:

DMZ .

Backend .

.

.

.

Trojan horses, malformed web pages, mail hijacking, Man in the Middle Attacks, brute force password cracking .

.

:

( , ., ):

(Passive/ Active information gathering)

& (Vulnerability scanning and analysis)

& (Attack & Vulnerability exploitation)

, ., & WEB , :

& (Vulnerability scanning and analysis), :

Forceful Browsing

Server Side Includes (SSI)

Error injection

Type and bound checks

Special Characters injection

Cookie analysis

Session IDs analysis

Input Validation

Code and Content injection

OWASP Top 10

CWE/SANS Top25

& (Attack & Vulnerability exploitation), :

Cookie / Session IDs manipulation -hijacking

OS Command Injection

Parameter Manipulation

, ( ) . .

1:

3.2.1.1.2

. o penetration testing/ethical hacking OWASP Testing Guide v3 OWASP Application Security Verification Standard :

: , , .

(vulnerability assessment risk assessment) . . (Trusted or/and untrusted networks hosts.allow & hosts.deny).

: . (Data Center Disaster Recovery Center) , ( , backup, ..) .

: . , .

:

. .. / . .

. .

Ethical Hacking backdoor ( ).

access lists routers firewalls.

& :

(vlan) :

(Passive/ Active information gathering)

& (Vulnerability scanning and analysis)

& (Attack & Vulnerability exploitation)

:

& (Vulnerability scanning and analysis), :

Forceful Browsing

Error injection

Type and bound checks

Special Characters injection

Cookie analysis

Session IDs analysis

Input Validation

Server Side Includes (SSI)

Code and Content injection

OWASP Top 10

CWE/SANS Top25

& (Attack & Vulnerability exploitation), :

Cookie / Session IDs manipulation -hijacking

OS Command Injection

Parameter Manipulation

:

( DDoS, SYN Flooding, Spoofing attacks )

1: IP 3: IP

3.2.1.1.3

.

A3.2.1.2

, :

.

.

.

/ .

.

.

, , , .

3.2.2 Data Center

Data Center . , Data Center .

, , Data Center , .

Data Center, , , , , . Data Center , .

A3.2.2.1

, , , . , . , (, ) , . ,

A3.2.2.2

Data Center, 2.2 Data Center, .. .

Data Center , .

, Data Center .

, . , , , , . , /. . , Data Center.

A3.2.2.3

Data Center , . , . , Data Center :

.

.

. . :

(60)

. 2 .

( ).

.

, .

(, ).

:

.

/ .

:

.

.

.

( ) .

emergency cut off .

, / .

A3.2.2.4

A3.1.3.3

A3.2.2.5

Data Center. .

. /, , . Unshielded Twisted Pair 6. patch panel - (cable-trays) wire-frame 600 Cat6 , . , , . .

A3.2.2.6

A3.1.4.2

A3.2.2.7 (Racks)

A3.1.4.3

A3.2.2.8

A3.1.4.4

3.2.3 (Hosting) Disaster Recovery Center

. :

.

Disaster Recovery Center , , , Disaster Recovery Center Disaster Recovery Center.

(Hosting) Disaster Recovery Center :

A3.2.3.1

Disaster Recovery Center 2.2 , ( , , , ), (hosting).

, , , , , , . , , /.

, . , , 6.7. .

A3.2.3.2

Disaster Recovery Center , . Disaster Recovery Center :

. , . proximity . . .

, . , . video video , , , , . video (1) . ( ) .

. Disaster Recovery Center.

.

. . . :

(30) .

. 2 .

( ).

.

, .

( , ).

:

.

/ .

AEROSOL ( ).

:

.

.

.

( ) .

. .

emergency cut off .

, / .

A3.2.3.3

Disaster Recovery Center 22 (+/-4) 50% (+/-10%) 99,99% SLA Disaster Recovery Center. , . Disaster Recovery Center 1,2W 6W Data Center, . .

Disaster Recovery Center, +1 .

A3.2.3.4

Disaster Recovery Center . .

Disaster Recovery Center . /, , . Unshielded Twisted Pair 6. patch panel - (cable-trays) wire-frame 600 Cat6 , . , , . .

A3.2.3.5

Disaster Recovery Center . :

(UPS), .

, UPS .

(Power Generator), .

Disaster Recovery Center 1,2KW 6W Disaster Recovery Center, . .

, +1.

, UPS . , , 24 . UPS, , . , (Electrostatic Discharge) .

A3.2.3.6 (Racks)

A3.1.4.3

A3.2.3.7

A3.1.4.4

3.2.4

, . .

:

A3.2.4.1 .

, , , . , .

( ) 3.20 3.16 .

(switch), 30% .

. ( KVM switch/console concentrator). ( management IP) dialup ISDN modem, .

A3.2.4.2

.., , .

, . / - -, , (graceful shutdown) .

A3.2.4.2. , (Electrostatic Discharge) . .. () .. .

A3.2.4.3 Datacenter .

, , . , / .

A3.2.4.4

A3.1.4.4

3.2.5

. .

A3.2.5.1

A3.2.5.2

A3.2.5.3

A3.2.5.4

A3.2.5.1

, . , . , , . . , , , .

, , . , :

.

.

, .

, .

.

.

(.. ), , . .

A3.2.5.1 (end of sale), , . , . , , , . , .

A3.2.5.2

A3.2.1.1 & A3.2.5.1 3.4 :

. . , (, , ..) . .

, . (segmentation) , server ( ) (Application Control Firewalling) (Network IPS). (configuration) . bottleneck Gigabit servers Application Control Firewalling Network IPS. , . , , / .

Data Center DRC (, , , ) .

.

(Data Center, Disaster Recovery Center, Production, Staging, Testing).

. , . .

, .. . :

.

.

(roll-out plan) .

(back-up plan) .

- (job description) , . . , . - (job description).

(3) :

(System Administrators)

(programmers)

(end users)

(System Administrators)

O .. , . , , , .

, , (user rights) . .

.. :

(DBMS) (Data Warehouse)

(Operating Systems)

(tools) ..

, .

(optimization)

.

(6)

(programmers)

. . / .

(5)

(end users)

. .

A3.2.5.3

, . . . ..

A3.2.5.4

3 , . , Helpdesk, , ., , .

3.2.5.4.1 -

( ) (Helpdesk) ().

(Helpdesk) () 24 ( , ), . (Helpdesk) () 24 ( , ) 6.7. 6.7.

Helpdesk 6.7.

, . , Helpdesk , ( ) (6) . Helpdesk , ( ).

Helpdesk , , 2.8 - .

Helpdesk SLA . , Helpdesk .

Helpdesk , , , (10) . , . .

3.2.5.4.2 Helpdesk

:

.

.

3.2.5.4.3 ( )

. (remote support), .

, , .

3.2.5.4.4 ( )

, SLA , (on-site) . / , .

, , . , (.3.2.5.4.6 ()).

3.2.5.4.5

, fax, , . . . Helpdesk .

(. 3.2.5.4.2

REF _Ref334431261 \h Helpdesk, 3.2.5.4.3, ( ) 3.2.5.4.4 ( )).

1:

3 , (Helpdesk) (, , .

4: (Helpdesk)

e-mail

FAX

5: ()

e-mail

FAX

.

3.2.5.4.6 ()

(), .

:

.

.

(read only) , . (10) , . .

(Helpdesk) (). . . E.

Helpdesk / TOY

:

.

().

.

.

6.7.2 (1, 2, , , , , ).

.

.

( / ).

/ ( ).

.

(. A3.2.9.1 A3.2.9.5). :

.

.

.

.

( ).

.

.

, :

.

.

.

.

( ).

, (.. )

.

/

/ ().

6.1 - . :

, .

(.. , , )

, .

3.2.6

, , . , 3.2.5 , .

, , , . , .

( , ) . ( , ). .

, ( ) , . SLA .

, , .

, (.. Servers, switch, patch panels, cabling, ), , , . 3.2.6 , , .

:

A3.2.6.1

A3.2.6.2

A3.2.6.3

A3.2.6.1

:

/ (Data Center) . 3.2.2 , , (, , , ).

Disaster Recovery Center . 3.2.3 , , (, , , ).

. , , , / , , .

. 3.2.4 , , / , , .

/ .

( ) 24 ( ). ( Helpdesk, TOY) 3.2.11.

A3.2.6.2

, , , , ( ).

(test groups) , .

, - .

A3.2.6.3

, ( ) . , , , .6. , , A3.2.5.4.

, ( ) ( ) , .

3.2.7

A3.2.7.1

, . .

. .

.

. , , , :

. , on-the-job training , .

. , on-the-job training. , , .

. , , , .

, .

. (3) (4) , .

, . , , .

(40) .

( ), , .

, , . , .

(40) , , , , (40) .

, , , 40 , , .

, . , . , , . , .

. 1% .

2 . , .

, , . (, voucher, ) , (2) .

, , on-the-job-training. , , , - , , . on-the-job-training , , . , , . , .

, , . , . , /.

, , , (4) ( , , ) (2) , (2) ). Infosecurity Europe ( ) . .

/ , / . , , / .

, A3.1.1.12 A3.1.1.8 (Identity Management) , . (4) (8) . (30) (40) , . , . .

A3.2.7.2

(1) , , :

. , .

. , .

. .

. SLA.

On-the-job training. / , .

, , SLA. , .

, .

, , , ( , , ). . , .

, , , . , . , ( ). , SLA, :

, .

, .

, , (1) .

.

3.2.8

:

A3.2.8.1

A3.2.6.3 :

3.2 - . .

, / , , .) .

/ /

.

, .., ( , , .).

(1) , :

(monitoring) ,

/ ,

.

, , (fine tuning).

.

on the job training .., 3.2.7

(migration plan) , , (deployment) ..

, , .

:

, ,

( .6. (SLA))

, (2) .

, . , .

, .

. , , , .

, .

.6. (SLA) .

(1) , .6. (SLA), B4.4 .

3.2.9

(, ) , ( ) :

A3.2.9.1

A3.2.5.4.

A3.2.9.2

, , (. .6). . (6) . .

., . (.. ) .

A3.2.9.3

(, ) . , (, , ), , , , (units), .

. , , . / .

A3.2.9.4 /

, (.. , Data Center Disaster Recovery Center, , , ), (, , , , -- ), .

A3.2.9.5

, :

(releases & versions) - firmware .... T , CD/DVD ( ) , registration/activation number. . , .6 (SLA).

(upgrade) (releases & versions), .

patches ( -5- ).

( ) (security updates).

. .

.

( ) , , . , , ( , , , firmware ) . , / .

/ A3.2.9.6 / . .

A3.2.9.6 /

/ . , , . / , .

/ , .

/ / , . ( / ).

, , 2.2 . . , , .

3.2.9.6.1 / / /

(releases & versions) A3.2.9.5.

( ) , , , .

/ .

/ , , , .

3.2.9.6.2 /

, ( , , , , ).

, (testing).

, , ( ) .

, .

, (testing).

, (acceptance / stress tests) . , (acceptance / stress tests) .

.

, . / . :

/ .

.

.

3.2.10

: () , (5) , () . , SLA , .

SLA ( ) :

3.2.9

(hosting) Disaster Recovery Center, 3.2.3.

, A3.2.5.4

, 3.2.11

, 3.2.7.

, SLA, , ., .

, , (2) , , .

.

3.2.11

, ( ) .

, :

, (log files) .

, (log files) ( switch) (. 1.9 .)

.

(.. )

. , ( ) .

( / ) .

3.5 & , , (24x7x365), 5 , . , .

. ( 1.9 ) & (Security Information & Event Management System) .

logs .

.

, , () . .

. . (site to site VPN tunnel ), (two factor authentication) . .

. 6.7. , (. 3.2.5.4.3).

, 3.28.14 (3.28.12

REF _Ref374546694 \h ).

3.2.12

:

.

.

(.. , , , ).

, , , , .

3.3

, , , (total cost of ownership - TCO), , (, , ).

( ) :

1. : . , . , (execution environments), . , auditing , , , traceability .

2. : . , :

2.1. (fit for purpose) , , .

2.2. .

2.3. , .

2.4. / ( ), . , , , , , .

3. / : (modular) (abstraction) , , - scale out scale up. , , .

4. : (Single point of authentication and authorization).

5. : .

6. : , / / (policy templates libraries) / / (.. ). policy templates , time-to-deploy .

7. (open architecture), :

/

3.4

:

, ,

(infrastructure data)

- .

, :

(.. . 2472/97, . 2774/99)

(best practices)

de facto de jure

2.2 .

.

, , , .

' :

, ,

,

,

,

(, ),

,

,

,

(Security Metrics),

ISO27001,

ISO27001 - .

3.5

, , (servers) (storage) . , . , , .

(development and testing), .

. .

.4

:

,

.,

,

(program project management, , work breakdown structure, risk issue management ).

, :

( 5 ) / .

(.. , , WBS ) (.. best practices, ).

() , () () . , , .

. , . , .

4.1

/

()

1.

1

1

2.

2

2

3.

*

4

4

4.

4

9

5.

8

4

6.

12

1

* .

()

1

2

3

4

5

6

7

8

9

10

11

12

1:

1

2: . .

2

3:

4

4.

9

5: . .

4

6: . .

1

4.2

, :

1 -

2 -

3

4 -

5 -

6 -

, , , SLA.

4.2.1 1 - ,

, ..

, .

.

3.2.1, :

A3.2.1.1

A3.2.1.2

(1) .

A4.2.1.1

, :

1.1. -

1.2 -

1.3

1.1. -

( . open source )

exploits

, ,

( . open source )

exploits

1.2 -

, :

,

/

1.3

(, , )

4.2.2 2 -

.

, , , , . ' .

3.2.5, :

A3.2.5.1

A3.2.5.2

A3.2.5.3

A3.2.5.4

(2) .

O ., . .

A4.2.2.1

. :

2.1 -

2.2

2.3 -

2.4 - Data Center / DRC

2.5 - &

2.6 -

2.7 -

2.8 -

2.9

2.10 -

2.1 -

, :

Data Center Disaster Center

/

2.2

, :

,

(, )

(Security Metrics)

o ISO27001

.

,

& Internet

(DLP)

&

/ (Network Admission/Access Control)

(Identity Management)

(Web Application Firewall)

2.3 -

, :

/

,

& Internet

(DLP)

&

/ (Network Admission/Access Control)

(Identity Management)

(Web Application Firewall)

(VTL)

(Virtualization Platform )

2.4 - Data Center / DRC

Data Center

-

-

Disaster Recovery Center

-

-

Data Center

Disaster Recovery Center

2.5 - &

. , . , .

:

On-the-job

2.6 -

Data Center

Disaster Recovery Center

Data Center Disaster Recovery Center

Disaster Recovery Center Data Center

/

/

2.7 -

Helpdesk

Helpdesk

()

(Helpdesk)

. (Helpdesk) / ()

(Remote Support)

2.8 -

e-mail

2.9

1.2 -

2.10 -

(, , )

4.2.3 3

2 (4) . 2 . 3 , .

3.2.6, :

A3.2.6.1

A3.2.6.2

A3.2.6.3

3.2.2 Data Center

3.2.3 (Hosting) Disaster Recovery Center

3.2.4

, .

, A3.2.1.1, , .

( ), 3.2 - . , (30) . .

, (, ..) .

, . . , , .

.

, , 3.5 .

, . , , . 5 - .

, , .

A4.2.3.1

, :

3.1 - 3.2 - 3.3 - 3.4 - 3.5

3.6 3.1 -

( , , ) .

:

, .

, .

.

( & System Software ) - .

. , .

(Privileged User Password Management)

&

(DLP)

&

(Web Application Firewall)

(VTL)

, .

,

3.2 -

2, 2.3 - 2.6 - .

-

/

.

3.3 -

On-the-job

3.4 -

/ , :

, , ,

6.7 , , ,

(releases & versions)

, (releases & versions) .

. :

CD/DVD . (downloading), (CD/DVD) . (3) , , (1 2).

/ username & password, , . , / (registration/activation numbers), .

3.5

2 (2.1 - , 2.2 , 2.3 - , 2.4 - Data Center / DRC , 2.6 - 1.2 - )

3.6

(, , )

4.2.4 4 -

4 A3.2.7.1 .

, . .

, , .

, , on-the-job .

, .

A4.2.4.1

, :

4.1 -

4.2.5 5 -

, (4) .

3.2.8, :

A3.2.8.1

A3.2.7.2

3.2.11

A4.2.5.1

, :

5.1 -

5.2 -

5.3 -

5.4

5.1 -

/ /

5.2 -

/ , :

, , ,

6.7 , , ,

(releases & versions) &

/

, (releases & versions) .

, . :

CD/DVD . (downloading), (CD/DVD) . (3) , , (1 2).

, , ( ) , / username & password, , . , / (registration/activation numbers), .

, , 5.2 - ( ) , ( ) , / .

5.3 -

(2.1 - , 2.2 , 2.3 - , 2.4 - Data Center / DRC , 2.6 - 1.2 - )

5.4

(, , )

4.2.6 6 -

, . (1) .

3.2.9. :

A3.2.7.2

3.2.11

A3.2.1.1

20 . ( ), 6.2- . , (20) . .

, (, ..) .

, . .

( ) . , .

A4.2.6.1

, :

6.1 -

6.2-

6.3 -

6.4

.

6.1 -

5.2 - .

6.2-

( . open source )

exploits

, ,

( . open source )

exploits

6.3 -

(2.1 - , 2.2 , 2.3 - , 2.4 - Data Center / DRC , 2.6 - 1.2 - )

6.4

(, , )

4.2.7

SLA. . (5) . , 3.2.10. :

(. 5.2 - ) .

(. 6.3 - )

/

1.1

1.2

1.3

1.3

2.1

2.2

2.3

2.4

Data Center / DRC

2.5

&

2.6

2.7

2.8

2.9

3.1

3.2

3.3

3.4

3.5

4.1

5.1

5.2

5.3

5.4

5.5

6.1

6.2

6.3

6.4

.5

5.1 ,

, , , , .

.

, .

5.1.1 &

:

.

:

.

5.1.2

.

:

.

5.2

, , , (/ ) , .

, (progress reports) , :

, , .

. , , .

, .

, .

.

5.3 -

.

:

, , ( cable trays ), , , , , .

.

5.4

5.4.1

(12) . , , .

, .

5.4.2

, 4.2, , (3) (1) , . :

.

, , .

( / milestones).

/ , .

/ . .DXF (Generic CAD) .VSD (Microsoft Visio 2010), .DOC (Microsoft Word 2010 for Windows) .odt (Openoffice Writer) .XLS (Microsoft Excel 2010 for Windows) .ods (Openoffice Calc). .PDF (Acrobat).

( ) .

.

5.4.3

26, 27 . , (). :

. , (7) , . (5) .

, (7) (5) . , .

.

/ .

, , , (5) .

, , , o o 24 .

5.4.4

, , (6) . . / .

, . , .

.6 (SLA)

6.1

(Service Level Agreement - SLA) ., .

SLA . SLA () , (1) , . SLA .

, , 6.7 . SLA , .

6.2 SLA

., SLA .

: () , (5) , () . , SLA , . .

6.3 SLA

SLA SLA (, & , ) 3.2.6 3.2.9, 6.7.

SLA ( ) 3.2.10. , SLA, , ., . , , 6.7.

6.4 , SLA

:

( ), .

. (, ).

( ) 24 ( ) . , . 6.7.1 (), . SMS.

(.. ), . (5) .

, . :

.

.

.

.

.

SLA (.. ).

.

6.5 SLA

(, , ) , , .

, 6.7. ( ) , . ( ).

SLA , , . , 6.7. , SLA.

, 6.7.1. , , , . ( , -, ), .

.

6.6 SLA

(.. ) , .

, , .

6.7

6.7.1 ()

, , (4) :

: . , , . .

: . , .

: . , . , , .

: . , . , .

. 2.8 - SLA.

6:

/

1.

2.

&

3.

(Privileged User Password Management)

4.

&

5.

6.

7.

(Identity Management)

8.

9.

10.

(Web Application Firewall)

11.

12.

(VTL)

13.

14.

15.

&

16.

(Privileged User Password Management)

17.

&

18.

19.

20.

(Identity Management)

21.

22.

23.

(Web Application Firewall)

24.

25.

(VTL)

26.

27.

28.

29.

Disaster Recovery Center.

30.

/ (Network Admission/Access Control)

31.

32.

33.

& (Security Information & Event Management System)

34.

35.

( )

36.

37.

(version & releases)

38.

, :

20% , .

/ , , . , , firewall, , .

, . (1) 2 . 30% .

SLA, , . 10% .

, . , .

6.7.2 - -

SLA , SLA.

10% , .

A6.7.2.1 (Support Issue)

. , SLA. , , , .

, , .

, (3) (10) , . .

A6.7.2.2

( ) () (Helpdesk) (. 3.2.5.4.5).

A6.7.2.3

. () (. 3.2.5.4.5) .

A6.7.2.4

() 07:30 17:30 .

() , 00:00 07:30 17:30 24:00 .

A6.7.2.5 Helpdesk 1 ( 1 X1)

. Helpdesk, Helpdesk , . , (. 3.2.5.4.5).

(.. ) Helpdesk , / Helpdesk / .

A6.7.2.6 2 ( 2 X2)

Helpdesk , , Helpdesk . .

/ ( ), , 2 . , (5) ( , , , , ).

A6.7.2.7 ()

1 2. 1 2 .

A6.7.2.8 ()

(1: 1, ) (), (), () () . , :

7: ()

1

2

10

10

2

4

10

10

4

8

1

3

16

-

3

6

56

-

, . . .

A6.7.2.9 ()

(1+2).

6.7.3

, / , - -, .

(200) .

, 2 .

( ) , , . , , ( , , , firmware ) . , / .

Disaster Recovery Center, :

. (50.000 ).

. (50.000 ).

. . (50.000 ).

/ . . (500.000 ).

6.7.4

, (Helpdesk) . , .

( .) (.3.2.5.4.6).

. , , , .

, , :

.

.

, .

, (downtime) , :

.

.

. / .

. .

, , . .

.

SLA.

B: B1.

.

B1.1.

, .

() CCI 2007 GR 16 1 PO 002/26-10-2007 , : 327506.

. .

B1.2.

, .

(4.053.333,33 ) - 23%: 932.266,67 ).

( : 1.956.666,67 - 23%: 450.033,33) (5) .

, , () 075/4 075/9 201107540002 201107590002.

.

B1.3.

.

: 288, 15562

: 00 30 210 6505600

Fax: 00 30 210 6505949

E-mail: mailto: ktimagen@ktimatologio.gr

: / , , , . 00 30 210 6505689.

B1.4.

:

1. .3842/2010 ( 58/) , .

2. . 3614/2007 ( 267//3.12.2007) , 2007-2013, .3840/2010 ( 53//31.3.2010).

3. 2004/18/ , , .

4. .. 60/2007 ( 64/16.3.2007) 2004/18/ , , 2005/51/ 2005/75/ 16/11/2005.

5.To N.4013/2011 ( 204//15.09.2011)

6. .4038/2012 ( 14//02.02.2012) 2012-2015.

7. .3886/2010 ( 173//2010) - 89/665/ 21 1989 (L 395) 92/13/ 25 1992 (L 76), 2007/66/ 11 2007 (L 335).

8. . 2859/2000 ( 248//00) , . 3336/20-4-2005, 12.

9. . 2472/97 ( 50//97) , .

10. . 3845/2010 ( 65 // 6.5.2010): - .

11. . 3861/2010 ( 112//13.7.2010) , , 2, . 4, .16.

12. . 2283/1994 ( 151//16.9.1994) , .

13. . 3979/2011 ( 138//16.06.2011) .

14. . 4156/2013 ( 122/31.05.2013) ,

15. . . 52.050/4278-2/18.09.2013 1 .. INSPIRE MIS 327506 .

16. 075/4 075/9 2011, E: 201107540002 201107590002, .

17. 572/4/26.11.2013 , .

18. 19. XX/XX/XXXX .

20. ( 662//17.5.2010)

B1.5.

:

1. __ /__ /____.

2. __ /__ /____.

3. ( ) __ /__ /____ __ /__ /____.

4. (www.ktimatologio.gr) __ /__ /____, , __ /__ /____ @ (www. diavgeia.gov.gr), (www.e-procurment.gov.gr)

5. (e-Procurement.gov.gr)

B1.6.

, , o , 288, 15562, , // 13.00 .

, .

.

, .

, .

.

B1.7.

( 288, , ) (courier).

(courier), .

( , , , , ), , .

. .

, http://www.ktimatologio.gr .

e-mail ktimagen@ktimatologio.gr (, , , , , ) , . e-mail .

. .

B1.8.

( ) (15) . EKXA AE , , (6) .

( 288, 15562, ). .

, (e-mail) ktimagen@ktimatologio.gr, ( ), . .

, (http://www.ktimatologio.gr).

B1.9.

/ , :

(..)

()

(...) , . 2513/97 ( 139) ...

..

.. ... ..

:

1. B1.11 B1.14

2. 4 . 3310/05 . 3414/05

B1.10.

:

B1.11

43.1 60/2007, , , :

) , 2 1 98/773/

) , 3 26 1997 3 1 98/742/

) , 1

) , 1 91/308/EOK , 10 1991,

) , , , , , .

, ,

, .

B1.11.

, , . , , ( ), /:

1.

2. ,

3. /

4.

/

1.

B1.15

2.

. 1599/1986 :

:

1. 43 60/2007.

2. , , , , , ( / ) , , , , ( / ).

3. .

4. ( ).

5. , (20) 25 3614/2007.

6.