NSDL
THREAT PERCEPTIONS & SECURITY MEASURES
Visit us at : www.nsdl.co.in
AGENDA
• Introduction to Depository
• NSDL System Overview
• Threat Perception
• Security Measures
• IT Audit Practices
NSDL - Bank -- An Analogy
BANK | NSDL
Holds funds in accounts | Holds securities in accounts
Transfers funds between accounts | Transfers securities between accounts
Transfers without handling cash | Transfers without handling physical securities
Safekeeping of money | Safekeeping of securities
Legislation/Regulations
• Service only through Participants
• Depository to maintain client level data
• Daily Reconciliation
• Continuous Connectivity with Encryption
• Backup facility at an alternate site
NSDL System Overview
[Diagram: star network linking the NSDL depository with clearing corporations (CC-1, CC-2, CC-3), registrars/issuers (SR-1, SR-2, SR-3), depository participants (DP-1 to DP-5) and another depository; SWIFT messaging convention]
NSDL Today
• Beneficiary Accounts: 48.85 lac
• Positions: > 2 crore
• Custody: Rs. 9 lac crore
• Settlement thru Demat: 99.99%
• No. of Comp. / Securities: 5000+ / 14000+
• Settlement value: > Rs. 2000 cr.
• Bookings: 6-12 lacs
• SWIFT Messages: 60-100 lacs
Threat Perception
• Authenticity of Debit instruction
• Privacy of account holder’s information
• Disruption of Service
• Reconciliation
• Software Integrity
Security Measures Scope
• Participants System
• Depository Network
• Depository Central System
• NSDL Internal Office Infrastructure
• Internet based Services
Participants System
• Maker / Checker Implementation
• Audit Trails
• Inspection / Audit
• System Mandated Reconciliation
• Remote site backup + Log shipping
• Dial-up - Readiness Checks
Depository Network Set-up
• Closed User Group (CUG) Network
• Hardware based Authentication
• Encryption - Dynamic Key change
• IP Filtering + Access List on Gateway
• Port Restriction
• Telnet / Direct Login / File Transfer prohibited
• Accepts only Message with valid format
Depository System
• System Enforced Password Policy
• Failed Login Alerts
• Discretionary Access Control (DAC)
• Audit Trail
• De-activation of user-id with Direct Access rights
• MAC Address authentication for Access
• LAN Switch Port mapped to MAC address
Depository Internal Office Infrastructure
• Office Systems
– Switch based LAN / VLANs
– Roving Port disabled on all LAN Switches
– Local PC Data Protection Policy
– Media Disposal Policy
– Licensed Software Usage only
Depository Internal Office Infrastructure - Cont.
• Internet Access
– Governed by Internet Usage Policy
– Access only through Proxy Server
– Firewall / IDS / URL Categorisation
– E-Mail send / receive to server hosted outside
– Only HTTP / HTTPs ports allowed
– ICMP blocked, No access from outside
Depository Internal Office Infrastructure - Cont.
• Virus Protection Mechanism
– Gateway Scanner
– Emails / Attachments scanned on Mail Server
– Desktop Anti Virus Protection
• Physical Access
– Proximity Card
– Video Surveillance
– Asset Movement Monitoring
Internet based Services
• SPEED-e
• SSL
• Authentication
– Password
– PKI / SMART Card
• 3 Tier architecture
• Clustering
• Firewall / IDS
Internet based Services - Cont.
[Diagram: SPEED-e hosting layout. Labels: Internet Cloud; Router at TISP; L3 Switch at TISP; Security Gateway; CISCO PIX Firewall 1 and CISCO PIX Firewall 2 (NSDL Setup at TISP); Local Director1 and Local Director2; Intrusion Detection System; VLANs; WEB Servers; Application Server; Application/Database Server; Database Server; Storage; NMS; 64 Kbps Leased line; SPEEDe ONLINE-1 and SPEEDe ONLINE-2; NSDL Setup]
Software Change Management
• SRC (Software Review Committee)
• SDLC approach with documentation
• Separate environments (Dev./ Test / Prod)
• Source management system (VSS / SCLM)
• Acceptance Testing
• Managed DPM software distribution
• Formal Software Release Reviews
Business Continuity Planning
Facilities
• Dual UPS with Battery Back-up
• Standby Diesel generator
• Fire/Smoke detector & FM 200 Sprinklers
• Standby Air Conditioners
• Periodic Drill
Business Continuity Planning
System and Data
• Processor/Disk Sparing
• Standby controller/Router
• Dual Logging
• Log file replication at another site
• Fire proof back-up storage
• Safe copy of software & critical documents
• Periodic Operations from DRS Facility
Business Continuity Planning
Network
[Diagram: network connectivity. Labels: NSDL Primary Production Site, Mumbai; NSDL DRS; NSDL TC; NSE Primary HUB, Mumbai; NSE DRS HUB; Business Partners; NSENET (X.25 VSAT Cloud); NSDLNET (Leased Line); NSDL NET; ISDN / PSTN Fall Back]
IT Audit Practices
• Security Committee
• Vulnerability Assessment Group
• Risk Analysis Group
• Security Audit and Penetration Testing
• Surprise audit by Security Officer reporting to MD