Security Policy
Website has been placed in protected zones with implementation of firewalls and IPS and high availability solutions.
Website was audited for known application level vulnerabilities before the launch and all the known vulnerability was addressed.
All the development works are done on separate development environment are well tested on staging server before updating it on the production server.
The content contributed through the content management systems are through authenticated way and are not published on the production server directly.
All newly released system software patches; bug fixes and upgrades shall are expediently and regularly reviewed and installed on the web server
1. Contingency Plan In The Event Of Defacement / Natural Calamity (Clause 8.3)
Website is hosted and managed at ERNET India as per ERNET policies and covered in the contingency plan of ERNET.
DR centre location and actions proposed to be taken up by Data centre in case of Fire, earthquake, flood etc.
Defacement of the website:
As soon as defacement is noticed, site is immediately taken off from the public domain. The site with minimum and saved content is published within few hours from DR centre. Meanwhile the source of defacement is identified and action are taken to remove the cause and ensure encourage off such indent don’t take place. The site will be restores within 48 hours from Primary Data Centre.
ERNET India website is security audited for application vulnerabilities and performance.
Only system administrator users are allowed to access the servers for doing administration and configuration tasks.
- All servers are in lock and net secured.
- Files are updated through secured FTP using VPN.
- Content are uploaded through secured CMS within ERNET India website Premises.
- If any unauthorized person hacks the website, then we stop the website and find out the root cause.
- Root cause will be invested and corrected and website will be fully operational will certain time period.
Data Corruption: 8.3.2
To enable a fast recovery and uninterrupted availability of the information to the site users. Backup is being taken on regular bases (daily) by ERNET India, New Delhi and kept securely as per our back up policy.
Hardware/Software Crash: 8.3.3
Though such an occurrence is a rarity, still in case the server on which the website is being hosted crashes due to some unforeseen reason, the web hosting service provider National Informatics Centre (NIC) has enough redundant infrastructure available to restore the website at the earliest.
Natural Disasters: 8.3.4
There could be circumstances whereby due to some natural calamity (due to reasons beyond the control of any person), the entire data center ERNET India website is being hosted gets destroyed or ceases to exist. In such an eventuality, in-charge of ERNET will instruct that Office of the ERNET website to be started from the Disaster Recovery site.