Contingency Plan in the event of defacement
- The CPRI website is security audited for application vulnerabilities and performance.
- Any application level modification on the CPRI website implies re-audit of the website.
- All the servers’ configuration and logs are monitored timely.
- Only system administrator users are allowed to access the servers for doing administration and configuration tasks.
- All servers are in lock and net secured.
- Contents are updated through secured FTP using VPN.
Monitoring of defacement of CPRI website
There are two ways of monitoring the defacement of the CPRI website.
- Cyber security division is continuously monitoring by analyzing the log files. The Central help desk at NIC (HQ) data Centre is also monitoring the websites at regular interval for possible defacement or undesirable change in the CPRI website.
- The NP also monitors the website regularly. In case of any eventuality, whoever notices it first shall inform the Technical Manager and Web Information Manager on Phone as well as through email.
Actions to be taken after defacement
As soon as the Technical Manager and/or Web Information Manager receive the information regarding the defacement of the website, the following steps will be taken:
- Stoppage/partial stoppage of the website according to the degree of defacement.
- Analyzing log files and troubleshooting the source of defacement and blocking of the service.
- Analyzing type of defacement and fixing it.
- In case of complete loss of data, restoring the website data from backup or starting of website from DR site in case of long down time.
- Giving of log files to security division for analysis.
- Fixing of all vulnerabilities on the basis of security recommendations and re-auditing of applications.
- Restoring the affected /corrupted contents from the backup and restoring the site.
Contact details in case of any eventuality of defacement
Name
Designation
Organization
E-Mail Address
Telephone/Mobile No.
Office Address
Shaileshwari M U
Web Information Manager
CPRI
shaileshwari [at] cpri [dot] in
080 2207 2294
CPRI, Bengaluru
Dr. P Kaliappan
Technical Manager
CPRI
kaliappan [at] cpri [dot] in
080 2207 2093
CPRI, Bengaluru
Time for Restoration of the CPRI website after defacement
The time taken for restoration of the CPRI website depends on the degree of defacement and services affected by the defacement. Ideally it will take 1 hour to 8 hours for the restoration.
A proper mechanism has been worked out for data backups by the Head, NIC, CPRI IT Division and Web Administrator of NP and also for ensuring that appropriate and regular backups of the CPRI website data are taken. The CPRI data should be divided and kept in various servers and also back up of the data is taken up periodically in the tapes or hard disks so that in case the data server goes down or corrupts the data, the website service remains unaffected.
Though such an occurrence is a rarity, still in case the server on which the website has been hosted crashes due to some unforeseen reason, the web hosting service provider (NIC) has enough redundant infrastructures available to restore the website at the earliest.
Contingency Plan in case of Natural Disasters/Calamity
There could be circumstances whereby due to some natural calamity (due to reasons beyond the control of any person), the entire data centre where the CPRI website has been hosted gets destroyed or ceases to exist. In such an eventuality, in-charge of National Data Centre will instruct that the CPRI website to be started from the DR site, which is located at the NIC State Centre, Hyderabad.
A Data Centre (SAN) is installed at Shastri park, where all the database servers of the CPRI website are located. Following team of NIC Shastri Park Data Center Team is responsible for the smooth functioning of the Database servers, SAN and Security deployment.
S No.
Name
Designation
Role
Telephone
E mail Address
Support Engineer
Support Engineer
Support
011-22181403
Support-ndcsp [at] nic [dot] in
There could be circumstances wherein due to some natural calamity, the entire data center where the website is being hosted gets destroyed or ceases to exist. In order to manage such problem ‘Disaster Recovery Centre (DRC)’ has been set up at following geographically remote location and the website is switched over to the DRC with minimum delay and restored on the Web. The DR location is as follows;
DR Location 1 - NDC, Pune
DR Location 2 - NDC, Bhubaneswar
DR Team at Pune and Bhubaneswar
The DR team at Pune and Bhubaneswar consists of followings:
- Server Administrator
- Network Administrator
- Cyber Security
- SAN Administrator
After getting necessary instruction for starting CPRI website services from the DR location, all the team members will play their role as per the restoration steps given below:
Sr. No.
Task Description
Team Responsible
1
Splitting of the server pairs engaged in SAN based replication
SAN team (Pune & Bhubaneswar)
2
Opening the DR servers and checking for SAN disks
Server team (Pune)
3
Getting the SAN disks on DR systems in read and write mode with the help of SAN Team
Server & SAN team (Pune)
4
Checking the mount points and website set-up:
- df –h (/home1 & /home2)
- Browse the IP based test website from the same IP Segment
Server team (Pune)
5
Network level setup for making DR sites starts functioning finally
Network team (Pune & Bhubaneswar)
6
Checking the website functionality from different internet connection nodes.
All
Time required for starting of CPRI website from the remote location depends on several things; ideally the restoration will take 4 hours to 12 hours.