NSDL Threat Perceptions & Security Measures
Post on 19-Dec-2015
Visit us at : www.nsdl.co.in
NSDL
THREAT PERCEPTIONS &
SECURITY MEASURES
AGENDA
• Introduction to Depository
• NSDL System Overview
• Threat Perception
• Security Measures
• IT Audit Practices
NSDL - Bank -- An Analogy
BANK | NSDL
Holds funds in accounts | Holds securities in accounts
Transfers funds between accounts | Transfers securities between accounts
Transfers without handling cash | Transfers without handling physical securities
Safekeeping of money | Safekeeping of securities
Legislation/Regulations
• Service only through Participants
• Depository to maintain client level data
• Daily Reconciliation
• Continuous Connectivity with Encryption
• Backup facility at an alternate site
NSDL System Overview
[Diagram labels: Depository (NSDL); Depository Participants (DP-1 to DP-5); Clearing Corp. (CC-1 to CC-3); Registrar/Issuers (SR-1 to SR-3); Another Depository; Star Network; SWIFT Messaging Convention]
NSDL Today
• Beneficiary Accounts : 48.85 lac
• Positions : > 2 crore
• Custody : Rs. 9 lac crore
• Settlement thru Demat : 99.99%
• No. of Comp. / Securities : 5000 + / 14000+
• Settlement value : > Rs. 2000 cr.
• Bookings : 6-12 lacs
• SWIFT Messages : 60-100 lacs
Threat Perception
• Authenticity of Debit instruction
• Privacy of account holder’s information
• Disruption of Service
• Reconciliation
• Software Integrity
Security Measures Scope
• Participants System
• Depository Network
• Depository Central System
• NSDL Internal Office Infrastructure
• Internet based Services
Participants System
• Maker / Checker Implementation
• Audit Trails
• Inspection / Audit
• System Mandated Reconciliation
• Remote site backup + Log shipping
• Dial-up - Readiness Checks
Depository Network Set-up
• Closed User Group (CUG) Network
• Hardware based Authentication
• Encryption - Dynamic Key change
• IP Filtering + Access List on Gateway
• Port Restriction
• Telnet / Direct Login / File Transfer prohibited
• Accepts only Message with valid format
Depository System
• System Enforced Password Policy
• Failed Login Alerts
• Discretionary Access Control (DAC)
• Audit Trail
• De-activation of user-id with Direct Access rights
• MAC Address authentication for Access
• LAN Switch Port mapped to MAC address
Depository Internal Office Infrastructure
• Office Systems
– Switch based LAN / VLANs
– Roving Port disabled on all LAN Switches
– Local PC Data Protection Policy
– Media Disposal Policy
– Licensed Software Usage only
Depository Internal Office Infrastructure - Cont.
• Internet Access
– Governed by Internet Usage Policy
– Access only through Proxy Server
– Firewall / IDS / URL Categorisation
– E-Mail send / receive to server hosted outside
– Only HTTP / HTTPS ports allowed
– ICMP blocked, No access from outside
Depository Internal Office Infrastructure - Cont.
• Virus Protection Mechanism
– Gateway Scanner
– Emails / Attachments scanned on Mail Server
– Desktop Anti Virus Protection
• Physical Access
– Proximity Card
– Video Surveillance
– Asset Movement Monitoring
Internet based Services
• SPEED-e
• SSL
• Authentication
– Password
– PKI / SMART Card
• 3 Tier architecture
• Clustering
• Firewall / IDS
Internet based Services - Cont.
[Network diagram labels: Internet Cloud; Router at TISP; L3 Switch at TISP; CISCO PIX Firewall 1 and 2; NSDL Setup (at TISP); VLANs; Local Director 1 and 2; Security Gateways; SPEED-e ONLINE-1 and ONLINE-2; WEB Servers; Application Server; Application/Database Server; Database Server; Storage; NSDL Setup; 64 Kbps Leased line; Intrusion Detection System; NMS]
Software Change Management
• SRC (Software Review Committee)
• SDLC approach with documentation
• Separate environments (Dev./ Test / Prod)
• Source management system (VSS / SCLM)
• Acceptance Testing
• Managed DPM software distribution
• Formal Software Release Reviews
Business Continuity Planning - Facilities
• Dual UPS with Battery Back-up
• Standby Diesel generator
• Fire/Smoke detector & FM 200 Sprinklers
• Standby Air Conditioners
• Periodic Drill
Business Continuity Planning - System and Data
• Processor/Disk Sparing
• Standby controller/Router
• Dual Logging
• Log file replication at another site
• Fire proof back-up storage
• Safe copy of software & critical documents
• Periodic Operations from DRS Facility
Business Continuity Planning - Network
[Network diagram labels: NSDL Primary Production Site, Mumbai; NSDL DRS; NSDL TC; NSE Primary HUB, Mumbai; NSE DRS HUB; Business Partners; Leased Line; NSDLNET; NSENET; ISDN / PSTN; X.25 VSAT Cloud; Fall Back]
IT Audit Practices
• Security Committee
• Vulnerability Assessment Group
• Risk Analysis Group
• Security Audit and Penetration Testing
• Surprise audit by Security Officer
Reporting to MD