Post on 08-Apr-2015
Visit us at : www.nsdl.co.in 1
NSDL
THREAT PERCEPTIONS & SECURITY MEASURES
AGENDA
• Introduction to Depository
• NSDL System Overview
• Threat Perception
• Security Measures
• IT Audit Practices
NSDL - Bank -- An Analogy
BANK | NSDL
Holds funds in accounts | Holds securities in accounts
Transfers funds between accounts | Transfers securities between accounts
Transfers without handling cash | Transfers without handling physical securities
Safekeeping of money | Safekeeping of securities
Legislation/Regulations
• Service only through Participants
• Depository to maintain client level data
• Daily Reconciliation
• Continuous Connectivity with Encryption
• Backup facility at an alternate site
NSDL System Overview
[Diagram: star network, SWIFT messaging convention. Labels: Depository (NSDL); Depository Participants (DP-1 to DP-5); Clearing Corp. (CC-1 to CC-3); Registrar/Issuers; SR-1 to SR-3; another depository.]
NSDL Today
• Beneficiary Accounts : 48.85 lac
• Positions : > 2 crore
• Custody : Rs. 9 lac crore
• Settlement thru Demat : 99.99%
• No. of Comp. / Securities : 5000 + / 14000+
• Settlement value : > Rs. 2000 cr.
• Bookings : 6-12 lacs
• SWIFT Messages : 60-100 lacs
Threat Perception
• Authenticity of Debit instruction
• Privacy of account holder’s information
• Disruption of Service
• Reconciliation
• Software Integrity
Security Measures Scope
• Participants System
• Depository Network
• Depository Central System
• NSDL Internal Office Infrastructure
• Internet based Services
Participants System
• Maker / Checker Implementation
• Audit Trails
• Inspection / Audit
• System Mandated Reconciliation
• Remote site backup + Log shipping
• Dial-up - Readiness Checks
Depository Network Set-up
• Closed User Group (CUG) Network
• Hardware based Authentication
• Encryption - Dynamic Key change
• IP Filtering + Access List on Gateway
• Port Restriction
• Telnet / Direct Login / File Transfer prohibited
• Accepts only Message with valid format
Depository System
• System Enforced Password Policy
• Failed Login Alerts
• Discretionary Access Control (DAC)
• Audit Trail
• De-activation of user-id with Direct Access rights
• MAC Address authentication for Access
• LAN Switch Port mapped to MAC address
Depository Internal Office Infrastructure
• Office Systems
– Switch based LAN / VLANs
– Roving Port disabled on all LAN Switches
– Local PC Data Protection Policy
– Media Disposal Policy
– Licensed Software Usage only
Depository Internal Office Infrastructure - Cont.
• Internet Access
– Governed by Internet Usage Policy
– Access only through Proxy Server
– Firewall / IDS / URL Categorisation
– E-Mail send / receive to server hosted outside
– Only HTTP / HTTPS ports allowed
– ICMP blocked, No access from outside
Depository Internal Office Infrastructure - Cont.
• Virus Protection Mechanism
– Gateway Scanner
– Emails / Attachments scanned on Mail Server
– Desktop Anti Virus Protection
• Physical Access
– Proximity Card
– Video Surveillance
– Asset Movement Monitoring
Internet based Services
• SPEED-e
• SSL
• Authentication
– Password
– PKI / SMART Card
• 3 Tier architecture
• Clustering
• Firewall / IDS
Internet based Services - Cont.
[Network diagram. Labels: Internet Cloud; Router at TISP; L3 Switch at TISP; NSDL Setup (at TISP); CISCO PIX Firewall 1; CISCO PIX Firewall 2; Security Gateway (x2); Local Director 1; Local Director 2; VLAN (x3); SPEED-e ONLINE-1; SPEED-e ONLINE-2; WEB Servers; Application Server; Application / Database Server; Database Server; Storage; Intrusion Detection System; NMS; 64 Kbps Leased line; NSDL Setup.]
Software Change Management
• SRC (Software Review Committee)
• SDLC approach with documentation
• Separate environments (Dev./ Test / Prod)
• Source management system (VSS / SCLM)
• Acceptance Testing
• Managed DPM software distribution
• Formal Software Release Reviews
Business Continuity Planning - Facilities
• Dual UPS with Battery Back-up
• Standby Diesel generator
• Fire/Smoke detector & FM 200 Sprinklers
• Standby Air Conditioners
• Periodic Drill
Business Continuity Planning - System and Data
• Processor/Disk Sparing
• Standby controller/Router
• Dual Logging
• Log file replication at another site
• Fire proof back-up storage
• Safe copy of software & critical documents
• Periodic Operations from DRS Facility
Business Continuity Planning - Network
[Network diagram. Labels: NSDL Primary Production Site, Mumbai; NSDL DRS; NSDL TC; NSE Primary HUB, Mumbai; NSE DRS HUB; NSENET; NSDL NET; Leased Line; ISDN / PSTN; X.25 VSAT Cloud; Fall Back; Business Partners.]
IT Audit Practices
• Security Committee
• Vulnerability Assessment Group
• Risk Analysis Group
• Security Audit and Penetration Testing
• Surprise audit by Security Officer
Reporting to MD