Contingency Plan in the event of defacement
- The CPRI website is security audited for application vulnerabilities and performance.
- Any application-level modification on the CPRI website implies re-audit of the website.
- The configuration and logs of all servers are monitored in a timely manner.
- Only system administrator users are allowed to access the servers for doing administration and configuration tasks.
- All servers are kept under lock and are network secured.
- Contents are updated through secured FTP using VPN.
Monitoring of defacement of CPRI website
There are two ways of monitoring the defacement of the CPRI website.
- The Cyber Security Division continuously monitors the website by analyzing the log files. The Central Help Desk at the NIC (HQ) Data Centre also monitors the websites at regular intervals for possible defacement or undesirable change in the CPRI website.
- The NP also monitors the website regularly. In case of any eventuality, whoever notices it first shall inform the Technical Manager and Web Information Manager by phone as well as through email.
Actions to be taken after defacement
As soon as the Technical Manager and/or Web Information Manager receive the information regarding the defacement of the website, the following steps will be taken:
- Stoppage/partial stoppage of the website according to the degree of defacement.
- Analyzing log files and troubleshooting the source of defacement and blocking of the service.
- Analyzing type of defacement and fixing it.
- In case of complete loss of data, restoring the website data from backup or starting of website from DR site in case of long down time.
- Giving of log files to security division for analysis.
- Fixing of all vulnerabilities on the basis of security recommendations and re-auditing of applications.
- Restoring the affected/corrupted contents from the backup and restoring the site.
Contact details in case of any eventuality of defacement
| Name | Designation | Organization | E-Mail Address | Telephone/Mobile No. | Office Address |
|---|---|---|---|---|---|
| Shaileshwari M U | Web Information Manager | CPRI | shaileshwari@cpri.in | 080 2207 2294 | CPRI, Bengaluru |
| Dr. P Kaliappan | Technical Manager | CPRI | kaliappan@cpri.in | 080 2207 2093 | CPRI, Bengaluru |
Time for Restoration of the CPRI website after defacement
The time taken for restoration of the CPRI website depends on the degree of defacement and services affected by the defacement. Ideally it will take 1 hour to 8 hours for the restoration.
A proper mechanism has been worked out by the Head, NIC, CPRI IT Division and Web Administrator of NP for data backups and for ensuring that appropriate and regular backups of the CPRI website data are taken. The CPRI data should be divided and kept on various servers, and backups of the data are taken periodically on tapes or hard disks, so that the website service remains unaffected if a data server goes down or corrupts the data.
Though such an occurrence is a rarity, if the server on which the website is hosted crashes for some unforeseen reason, the web hosting service provider (NIC) has enough redundant infrastructure available to restore the website at the earliest.
Contingency Plan in case of Natural Disasters/Calamity
There could be circumstances whereby, due to some natural calamity (for reasons beyond the control of any person), the entire data centre where the CPRI website is hosted gets destroyed or ceases to exist. In such an eventuality, the in-charge of the National Data Centre will instruct that the CPRI website be started from the DR site, which is located at the NIC State Centre, Hyderabad.
A Data Centre (SAN) is installed at Shastri Park, where all the database servers of the CPRI website are located. The following NIC Shastri Park Data Centre team is responsible for the smooth functioning of the database servers, SAN and security deployment.
S No.
Name
Designation
Role
Telephone
E mail Address
Support Engineer
Support Engineer
Support
011-22181403
There could be circumstances wherein, due to some natural calamity, the entire data centre where the website is hosted gets destroyed or ceases to exist. To manage such a problem, a 'Disaster Recovery Centre (DRC)' has been set up at the following geographically remote locations, and the website is switched over to the DRC with minimum delay and restored on the Web. The DR locations are as follows:
DR Location 1 - NDC, Pune
DR Location 2 - NDC, Bhubaneswar
DR Team at Pune and Bhubaneswar
The DR team at Pune and Bhubaneswar consists of the following:
- Server Administrator
- Network Administrator
- Cyber Security
- SAN Administrator
After getting necessary instruction for starting CPRI website services from the DR location, all the team members will play their role as per the restoration steps given below:
| Sr. No. | Task Description | Team Responsible |
|---|---|---|
| 1 | Splitting of the server pairs engaged in SAN-based replication | SAN team (Pune & Bhubaneswar) |
| 2 | Opening the DR servers and checking for SAN disks | Server team (Pune) |
| 3 | Getting the SAN disks on DR systems in read and write mode with the help of the SAN team | Server & SAN team (Pune) |
| 4 | Checking the mount points and website set-up: `df -h` (/home1 & /home2); browse the IP-based test website from the same IP segment | Server team (Pune) |
| 5 | Network-level setup so that the DR sites finally start functioning | Network team (Pune & Bhubaneswar) |
| 6 | Checking the website functionality from different internet connection nodes | All |
Time required for starting of CPRI website from the remote location depends on several things; ideally the restoration will take 4 hours to 12 hours.
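Steps 3 and 4 above can be checked in one pass rather than by reading `df -h` output by eye. The script below is an added example, not part of the CPRI plan: it confirms that /home1 and /home2 are present in the mount table and mounted read-write. The function names, device names and sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the DR mount points after the SAN disks are presented.
# /home1 and /home2 come from restoration step 4; all other names are assumed.

# check_dr_mounts MOUNT_TABLE_FILE MOUNTPOINT...
# Prints one line per mount point: "<path> OK", "<path> MISSING" or
# "<path> READONLY". Returns 0 only if every mount point is present and rw.
check_dr_mounts() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        # /proc/mounts format: device mountpoint fstype options dump pass.
        # Keep the last matching entry, since a later mount shadows earlier ones.
        opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
        if [ -z "$opts" ]; then
            echo "$mp MISSING"; rc=1
        else
            case ",$opts," in
                *,rw,*) echo "$mp OK" ;;
                *)      echo "$mp READONLY"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Constructed sample mount table: /home2 is still read-only, as it would be
# if the replication pair for that disk had not been split (step 1).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/san_lun0 /home1 ext4 rw,noatime 0 0
/dev/mapper/san_lun1 /home2 ext4 ro,noatime 0 0
EOF
}

# Demo run against the constructed sample.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
check_dr_mounts "$demo_table" /home1 /home2 || echo "DR mounts not ready"
rm -f "$demo_table"
```

On a DR server the same function would be run as `check_dr_mounts /proc/mounts /home1 /home2` before moving on to the network-level setup in step 5.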