Network Security Guidelines. e-governance

Transcription

1 Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India.

2 Document Control S/L Type of Information Document Data 1. Document Title e-gov Network Security Guidelines 2. Document Code GL_eGov_NS 3. Date of Release 4. Next Review Date 5. Document Revision Number 6. Document Owner DietY 7. Document Author(s) 8. Document Reference Document Approval Sr. No. Document Approver Approver Designation Approver ID Document Change History Version No. Revision Date Nature of Change Date of Approval For Internal Use Only Page 2 of 17

3 Table of Contents 1. INTRODUCTIO N SCOPE PURPO SE NETWORK M ANAGEM NT NETWORK CONNECTIVITY NETWORK SERVICES NETWORK ARC HITEC TURE & DESIG N LOCAL AREA NETWORK LOCAL AREA NETWORK PHYSIC AL S ECURITY PERIMETER SEC URITY FIEWALL ADMINISTRATION ROUTER INTRUSION DETECTION / PREVENTION SYSTEM INTRANET SECURITY SWITCH SECURITY DESKTOP AND SERVER SECURITY VIRTUAL PRIVATE NETWORK SAN REMO TE ACCESS S ECURI TY REMOTE DESKTOP ACCESS THIRD PARTY ACCESS For Internal Use Only Page 3 of 17

4 10. WIREL ESS ACC ESS ENCRYPTION NETWORK MO NITO RING A ND TROUBL ESHO OTING REF ERENCE INTRODUCTION For Internal Use Only Page 4 of 17

5 The increasingly important role of automated information system networks in organizations has fuelled the need for more secure systems. Any intrusion or network failure would affect confidentiality, availability and integrity of the organization information assets. 2. SCOPE This guideline is applicable to all Network devices such as routers, switches, and firewalls etc. used in e-gov service delivery. 3. PURPOSE The purpose of these guidelines is to guide network administrators of e-gov information systems on appropriate use of its assets & facilities deployed for providing e-gov services. It also helps to implement Network Segmentation (I.AC-5), Network Routing Control (I.AC-6), and Network Connection Control mentioned (I.AC-7) in esafe GD NETWORK MANAGEMNT Network services and servers should be controlled to ensure that connected users or computer services do not compromise the security of any other networked services. Network design / architecture of the organization should be formally documented, approved and periodically reviewed by the CISO. Any change initiated in the network design should undergo proper change management process; with appropriate testing and formal approvals for implementation should be sought from CISO, along with any compensating controls if required. The changes should be reflected in an updated network diagram. For Internal Use Only Page 5 of 17

6 The network administrator should ensure that the network diagram is current. Number of entry points and single point of failures should be minimized to ensure a stable network. Servers / Systems which need to be placed in the DMZ should be identified. The firewall and other filtering devices to control the external traffic will be deployed, configured and managed by Network Administrator. Antivirus software should be deployed and managed by Network Team. 4.1 NETWORK CONNECTIVITY All network connections from the untrusted network (internet) should pass through the firewall and router prior to accessing the trusted network. All connections from the internet to the internal network should be through SSL VPN communication channel. 4.2 NETWORK SERVICES The network services and ports, required for business function operations, should be identified, documented and updated periodically or whenever any change is observed The Security team should conduct periodic reviews to ensure no unnecessary services are active on the servers. In case any noncompliance is found during such reviews, CISO should be informed who should take an appropriate action. For Internal Use Only Page 6 of 17

7 Other than the maintained standard list of services and ports if any other service or port needs to be enabled on the server as per the business requirement; must follow a change management process and must be properly authorized, tested and implemented along with the compensating controls if required. The details of this test and approval process should be documented. A network server should be dedicated to a single service; this simplifies configuration thereby reducing the risk of configuration errors. In some cases however, it may be appropriate to offer more than one service on a single host computer. Any remote access or VPN request should go through proper authorization process. 5. NETWORK ARCHITECTURE & DESIGN 5.1 LOCAL AREA NETWORK The network design should clearly demarcate the Local area Network (LAN) of the organization. The LAN should cover the desktops, servers and other devices which are supposed to be placed so as to be protected from the un-trusted network. VLANs configured within the LAN should be highlighted in the design to segregate access to any critical server. Communication between different segments of LAN should be restricted if not required. 5.2 LOCAL AREA NETWORK For Internal Use Only Page 7 of 17

8 The network design should reflect the connections made to the external (i.e. SWAN) networks WAN communication controls will be managed and controlled by network administrator Proper segregation of LAN, WAN, SWAN and Internet connection should be depicted in the network diagram 6. PHYSICAL SECURITY All Devices should be hosted inside secure environment like server room. Devices should be installed inside rack locked with lock & key. Proper environmental condition should be maintained to protect the devices. Every quarter review of physical & environmental condition should be carried out. 7. PERIMETER SECURITY The perimeter security should be managed with the implementation of adequate filtering and monitoring devices such as firewall, Router, Intrusion detection or prevention systems. For Internal Use Only Page 8 of 17

9 7.1 FIEWALL ADMINISTRATION For any systems hosting e-gov applications, or providing access to sensitive or confidential information, internal firewalls or filtering routers must be used to provide strong access control and support for auditing and logging. Physical access to the firewall terminal is limited to authorize people only. Only the firewall administrator and backup administrator must be given user accounts on the firewall. The firewall administrator or backup administrator must only do any modification of the firewall system after raising a proper change request. Before an upgrade of any firewall component, the firewall administrator must verify with the vendor that an upgrade is required. After any upgrade the firewall must be tested to verify proper operation prior to going operational. All security patches recommended by the firewall vendor must be implemented in a timely manner. Firewall Logs: The firewall must be configured to log all reports. Firewall logs will be reviewed on a daily basis by the network security team if any attacks have been detected Firewall backup The firewall (systems software, configuration data, etc.) must be backed up and a copy of current configuration/last configuration would be available with Security team. For Internal Use Only Page 9 of 17

10 Firewall backup files must be stored securely offsite to recover during a disaster. 7.2 ROUTER All default passwords used for administrative or otherwise authorization must be changed. Router must have the latest vendor-supplied security patches installed. Relevant security patches shall be installed within one month of release. Configuration files of the router must be protected properly. Passwords must be changed as per password security policy. Routers must have appropriate login banners. All router operating system upgrades from vendors must be scanned for viruses before using in the production environment. All maintenance fixes must be applied on the routers during non-peak or off businesshour times. Latest configuration of all the routers must be backed up as per the backup policy. Router configuration and rule set should be reviewed after every quarter. Default SNMP community strings must be replaced with complex strings and this strings will be known to only authorized personnel in Data centre. Access rules must be added as business needs arise. Telnet should never be used across any network to manage a router, unless there is a secure tunnel protecting the entire communication path. SSH is the preferred management protocol. For Internal Use Only Page 10 of 17

11 7.3 INTRUSION DETECTION / PREVENTION SYSTEM All default passwords used for administrative or otherwise authorization must be changed IDS / IPS signatures must be updated on regular basis Configuration files of the IDS / IPS must be protected properly and should be backed up as per back up policy Vendor-supplied security patches must be installed on IDS / IPS. All changes must be followed by change management procedure. IDS / IPS rule set must be reviewed after every quarter. Access to IDS / IPS for management purpose must be restricted to authorized personnel and it should be a secure means of access like SSH or HTTPS. 8. INTRANET SECURITY 8.1 SWITCH SECURITY The core switches should be physically located in the Server Room with adequate physical access control and favourable environmental controls. Adequate segregation of internal network should be implemented by configuring VLANs. Inter VLAN based policies and policy based routing should be implemented on the switches. For Internal Use Only Page 11 of 17

12 Only Network Administrators should have user accounts on the switch. Passwords should be changed as per the password policy. Remote access management should only be implemented over VPN or SSH. Configuration files of the switch should be protected by appropriate file permissions/authentication. The switch operating system upgrades from vendors should be scanned for viruses prior to deployment in the production environment. Latest configuration of all the switches should be backed up as per the backup policy. All maintenance fixes shall be applied on the switches during non-peak or off businesshour times. All switches should be configured as per the defined secured guidelines document. 8.2 DESKTOP AND SERVER SECURITY All desktops should be equipped with an updated version of antivirus software. The desktops should be updated with the latest security patch released by the vendor. Access to system utilities should be limited to administrators only. The desktops and servers should be managed and maintained by the system administrator. The desktops and servers should be hardened as per the respective hardening or baseline documents. For Internal Use Only Page 12 of 17

13 8.3 VIRTUAL PRIVATE NETWORK The Organization will be using a Virtual Private Network (VPN) service as a mechanism for its users to access network resources from remote locations. All employees/third parties/contractors requiring VPN access to the organizational network should seek formal approval from the CISO and their Departmental Head highlighting the business need for the access. A list of users granted VPN access should be maintained by the Network Security team All VPN users should authenticate to the VPN server using their network account user ID and password. IPSEC or SSL mode for VPN communication channel should be implemented All users using VPN service should ensure that firewall and virus protection software is installed and maintained on their machine. Software updates should be applied regularly and other standard practices must be followed to keep their VPN client system secure against unauthorized access. Users should not share their VPN account or password with others. Administrative access to VPN should controlled using two factor authentication. 8.4 SAN SAN storage box must be protected from unauthorized access. Only authorized users will have access to the SAN boxes. Changes on SAN storage box should adhere to change management process SAN configuration files should be backed up and copied to secure place For Internal Use Only Page 13 of 17

14 SAN should support cloning (create copy of production disks) onto less expensive disks from which the backup would be performed without affecting the performance of the production disks. 9. REMOTE ACCESS SECURITY The following procedures should be followed to secure IT systems of when they are accessed remotely. 9.1 REMOTE DESKTOP ACCESS All users requiring access to RDP (Remote Desktop Connectivity) services should seek formal approval from their departmental Head and CISO highlighting the business requirement for the same. The list of users granted access to the RDP service should be maintained and updated following changes along with the respective expiration time period. Periodic review of desktop/server should be conducted to ensure adherence to authorized access of RDP service. 9.2 THIRD PARTY ACCESS All connectivity established must be based on the least-access principle, in accordance with the approved business requirements and the security review. Third party or vendor must follow e-gov Security Policy. All changes in the third party connections must be approved and authorized by the Organization. For Internal Use Only Page 14 of 17

15 Third party access privileges should be reviewed at regular intervals. Third party access should be deactivated as per the proper procedure if not required 10. WIRELESS ACCESS Implementation of wireless devices should be approved by authorized personnel. Wireless LAN Access should be over encrypted channel using stronger encryption methods. It should be ensured that wireless access points are secured properly. SSID (Service Set Identifier) of the wireless network should be unique and must not be broadcasted. 11. ENCRYPTION Encryption must be used when information of Confidential and Proprietary classification is passed over the network. Network security team should evaluate the different protocols and implement strong cryptographic controls to safeguard information. Critical information, such as passwords in Database should be encrypted using strong encryption algorithm. For Internal Use Only Page 15 of 17

16 Encryption and decryption keys should be securely stored in a sealed envelope or in a system. 12. NETWORK MONITORING AND TROUBLESHOOTING All network devices should be monitored regularly to identify any link/component failures. The network should also be monitored to ensure legitimate use of the allocated network bandwidth. Appropriate corrective actions and preventive actions should be implemented and documented for any network failures. 13. REFERENCE Network Segmentation (I.AC-5) in esafe-gd200 The network architecture and segmentation should be based on different security level (depending on the nature of the information asset and anticipated security threats). Network Routing Control (I.AC-6) in esafe-gd200 The organization should adopt a policy in respect of controlling the information flow within the system and between interconnected systems. The For Internal Use Only Page 16 of 17

17 information system should enforce such policy wherever there is a difference in the level of trust. Network Connection Control mentioned (I.AC-7) in esafe-gd200 For shared networks, especially those extending across the organization s boundaries, the capability of users to connect to the network should be restricted, in line with the access control policy and requirements of the business applications For Internal Use Only Page 17 of 17