Remote Access Procedure. e-governance




Remote Access Procedure for e-governance (Draft)

DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY
Ministry of Communication and Information Technology, Government of India

Document Control (S/L, Type of Information, Document Data)
1. Document Title:
2. Document Code:
3. Date of Release:
4. Next Review Date:
5. Document Revision Number:
6. Document Owner:
7. Document Author(s):
8. Document Reference:

For Internal Use Only Page 2 of 13

Document Approval (Sr. No., Document Approver, Approver Designation, Approver E-mail ID)

Document Change History (Version No., Revision Date, Nature of Change, Date of Approval)

Table of Contents
1. INTRODUCTION ... 5
2. SCOPE ... 5
3. PURPOSE ... 5
4. DEFINITIONS
5. PATCH MANAGEMENT PROCESS
5.1 PATCH MANAGEMENT PROCESS FLOW
6. REMOTE ACCESS PROCEDURE FOR IT DEVICE ADMINISTRATION ... 6
7. REMOTE ACCESS MANAGEMENT PROCEDURE FOR END USERS ... 6
8. CONTROLS FOR REMOTE ACCESS ... 9
9. KEY MEASURING PARAMETER ... 12
10. PROCESS DEPENDENCY AND REFERENCE ... 12

1. INTRODUCTION

Remote access is the ability to get access to a computer or a network from a remote distance. The purpose of this document is to provide guidance on how remote access over the network should take place in the e-gov service delivery environment and to ensure that the e-gov service delivery environment remains secure during such access.

2. SCOPE

The procedure is applicable to all system administration tasks performed remotely. This procedure is also applicable to all employees, contractors and third party staff using an e-gov service delivery owned or personally-owned computer or workstation to connect to the e-gov service delivery network.

3. PURPOSE

The objective of this document is to ensure data security when accessing the E-Gov service delivery network from remote locations outside the E-Gov service delivery network or while using mobile devices.

4. REMOTE ACCESS PROCEDURE FOR IT DEVICE ADMINISTRATION

- A logon banner shall be set to notify that all activities performed on the server shall be monitored.
- IP and port based access control shall be employed on the remote server.
- Firewall ingress filtering shall be deployed for the ports used by the respective tools for remote administration of the information system. The port shall be opened exclusively during the times when remote administration needs to be done.
- The ID used by the tools for remote administration shall be separate from the Administrator's local system account.
- An audit log shall be enabled to ensure that there is an accurate record of the IP addresses and users accessing devices.

5. REMOTE ACCESS MANAGEMENT PROCEDURE FOR END USERS


Procedure steps (Activity, Role, Output, Tasks to be Performed)

Step 0. Start

Step 1. Raise the request for remote access
Role: User
Output: Request for remote access
Tasks to be performed: User will raise the request for getting remote access.

Step 2. Take appropriate (CISO) approval
Role: User
Output: Approved request for remote access
Tasks to be performed: User will take appropriate approval from the CISO for getting remote access. The details for approval are given in the next section of this document.

Step 3. Forward the request to IT HelpDesk
Role: User
Output: Approved request forwarded to the IT HelpDesk
Tasks to be performed: User will forward the approved request to the IT HelpDesk.

Step 4. Log a ticket for the request
Role: IT HelpDesk
Output: Ticket number of the request
Tasks to be performed: IT HelpDesk will log a ticket for the approved request forwarded to it and will forward the request to the IT Operations team for execution.

Step 5. Provide remote access to the user
Role: IT Operations team
Output: User provided with remote access
Tasks to be performed: IT Operations team will take actions to provide the remote access to the user. IT Operations team will note the time for which remote access is requested and will disconnect the remote access after that time.

Step 6. End

6. CONTROLS FOR REMOTE ACCESS

- Remote access service shall be provided to authorized users of E-Gov service delivery after due approval.
- Restricted remote access (services other than Email and web enabled intranet services) through the remote access service to the E-Gov service delivery network shall be provided only after due authorization for business purposes.
- Any remote access for troubleshooting purposes required by Vendors for E-Gov service delivery should be allowed through the remote access service after due approval from the CISO.
- Authorized dial-in users' access shall be authenticated using authentication mechanisms like TACACS+ (Cisco Terminal Access Controller Access Control System Plus).
- Users accessing critical E-Gov service delivery intranet applications shall use an appropriate encrypted channel for communication over the Internet.

- Users should not connect to the remote access service of E-Gov service delivery from public places or meeting rooms.
- E-Gov service delivery employees, contractors and third party staff with remote access privileges must ensure that their E-Gov service delivery owned or personal computer or workstation, which is remotely connected to E-Gov service delivery's network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
- Authorized remote access users shall not share their login or email password with anyone, not even with family members/colleagues.
- Remote access / VPN access needs to be removed after the approved activation period or as and when the user's Email ID is removed.

7. GENERAL GUIDELINES FOR REMOTE ACCESS

- Remote access shall be provided based on business justification and the approval of the CISO.
- Remote access for all third party employees/contractors shall be based on business needs and justified by the respective business before approval of the CISO.
- A non-disclosure agreement, including an agreement not to misuse the remote access facility, shall be established with the concerned third party before provisioning the access.
- All remote access shall be considered a privilege and shall not be misused in any way that can cause harm to the information assets.

- Dial-up VPN, IPSec and/or SSL VPN protocols shall be used for remote access.
- Client VPN software shall be installed on approved client systems only.
- All VPN sessions shall be monitored annually.
- Logs, configuration and access rules shall be backed up on a periodic basis.
- Logs shall be reviewed on a regular basis.
- Time synchronization shall be configured with the time-server.
- Remote access shall be time bound between the start and end date of the project, and access shall be revoked when that time bound expires.
- Application level access control shall be implemented in addition to the remote access authentication.
- The VPN shall be placed in a secured area with restricted access. Both Client-to-Site and Site-to-Site VPNs shall be supported.
- Firewall rules shall be in place to allow only specific/mentioned VPN traffic. All rules shall be documented and versioned and shall be approved by the CISO.
- Recommended security settings shall be applied as per the vendor specifications.
- Users/employees with VPN privilege shall ensure that their systems are not used by unauthorized users to access the internal network.
- VPN connections shall be controlled using password authentication and a token device.

- VPN users shall be automatically disconnected from the network after the approved time limit. The user shall log on again to reconnect to the network.
- Pings or other artificial network processes shall not be used to keep the connection open.

8. KEY MEASURING PARAMETER

Remote Access Management Compliance KPIs

KPI 1. Reconciliation of users
Description: Scope: All remote users with access to e-gov service delivery's network and applications.
Measurement Criteria: 100 - {Modulus (No. of remote user IDs active on the systems - No. of approved remote user IDs requests)}
Frequency: Monthly
Benchmark: 100.0%
Supporting Evidence: Remote user reconciliation reports

9. REFERENCE

Network Security Guidelines
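As an added example (not part of this procedure document), the following Python script reviews a constructed remote-administration audit log against the Section 4 controls: logins must come from allow-listed IP addresses, fall within the approved administration window during which the port is open, and use the dedicated remote-admin ID rather than the local Administrator account. The log format, host names, addresses, window and account names are assumptions.

```python
"""Review of a remote-administration audit log against the Section 4 controls.
Added example, not from the procedure document; log format, hosts, IP ranges,
the approved window and the remote-admin ID are constructed assumptions."""
from datetime import datetime, timezone
import ipaddress
import re

# Constructed sample audit log: one remote-administration login per line.
SAMPLE_LOG = """\
2024-03-04T22:05:11Z host=app01 user=ra-admin src=10.20.0.5 port=22 action=login
2024-03-04T22:40:02Z host=app01 user=Administrator src=10.20.0.5 port=3389 action=login
2024-03-04T23:30:45Z host=db01 user=ra-admin src=10.20.0.5 port=22 action=login
2024-03-05T02:12:09Z host=db01 user=ra-admin src=203.0.113.77 port=22 action=login
"""

# Constructed policy: allow-listed admin sources (IP based access control),
# the approved remote-administration window (when the port may be open), and
# the dedicated remote-admin ID that replaces the local Administrator account.
POLICY = {
    "allowed_sources": [ipaddress.ip_network("10.20.0.0/24")],
    "window": (datetime(2024, 3, 4, 22, 0, tzinfo=timezone.utc),
               datetime(2024, 3, 4, 23, 0, tzinfo=timezone.utc)),
    "remote_admin_ids": {"ra-admin"},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) port=(?P<port>\d+) action=login$")


def review_admin_log(log_text, policy=POLICY):
    """Return one (timestamp, host, user, src, reason) tuple per deviation."""
    findings = []
    start, end = policy["window"]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-login records are out of scope for this check
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        src = ipaddress.ip_address(m["src"])
        reasons = []
        if not any(src in net for net in policy["allowed_sources"]):
            reasons.append("source not in admin allow-list")
        if not start <= ts <= end:
            reasons.append("login outside approved administration window")
        if m["user"] not in policy["remote_admin_ids"]:
            reasons.append("local account used instead of remote-admin ID")
        findings.extend((m["ts"], m["host"], m["user"], m["src"], r) for r in reasons)
    return findings
```

On the sample log the first login is compliant; the other three produce four findings in total (a local account, one login after the window, and one login that is both off-window and from a non-allow-listed address).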
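The Section 8 reconciliation KPI, worked as an added Python example (not part of this document): active remote user IDs are compared with the approved, time-bound requests of Section 7, the KPI is computed as 100 minus the modulus of the count difference, and the IDs that must be revoked are listed. The register layout and all user IDs and dates are constructed.

```python
"""Section 8 KPI: reconciliation of active remote user IDs against approved
remote access requests. Added example, not from the procedure document; the
register layout and all user IDs and dates are constructed assumptions."""
from datetime import date

# Constructed approved-request register: user ID -> (start, end) of the
# approved, time-bound access (Section 7 binds access to project dates).
APPROVED_REQUESTS = {
    "asha.k": (date(2024, 2, 1), date(2024, 4, 30)),
    "vendor1": (date(2024, 3, 1), date(2024, 3, 7)),
    "r.menon": (date(2024, 1, 15), date(2024, 6, 30)),
}

# Constructed set of remote user IDs currently active on the VPN/access systems.
ACTIVE_REMOTE_IDS = {"asha.k", "vendor1", "tmp-contractor"}


def reconcile(active_ids, approved, as_of):
    """Reconcile active IDs with the approvals in force on `as_of` (ISO date).

    Returns the KPI as defined in Section 8, 100 - |active - approved|, and the
    IDs needing action. The raw count difference can be 100 even when the wrong
    IDs are active, so the benchmark is only met when no deviations remain.
    """
    as_of = date.fromisoformat(as_of)
    in_force = {uid for uid, (start, end) in approved.items()
                if start <= as_of <= end}
    expired = {uid for uid in active_ids if uid in approved and uid not in in_force}
    unapproved = active_ids - set(approved)
    kpi = 100 - abs(len(active_ids) - len(in_force))
    return {
        "kpi_percent": kpi,
        "meets_benchmark": kpi == 100 and not (expired or unapproved),
        "revoke_expired": sorted(expired),        # approval period has ended
        "revoke_unapproved": sorted(unapproved),  # no approved request at all
        "approved_not_active": sorted(in_force - active_ids),
    }
```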