ppt of nsdl

Transcript of ppt of nsdl

Page 1: ppt of nsdl

Visit us at : www.nsdl.co.in 1

NSDL

THREAT PERCEPTIONS & SECURITY MEASURES

Page 2: ppt of nsdl

AGENDA

• Introduction to Depository

• NSDL System Overview

• Threat Perception

• Security Measures

• IT Audit Practices

Page 3: ppt of nsdl

NSDL - Bank -- An Analogy

| BANK | NSDL |
| --- | --- |
| Holds funds in accounts | Holds securities in accounts |
| Transfers funds between accounts | Transfers securities between accounts |
| Transfers without handling cash | Transfers without handling physical securities |
| Safekeeping of money | Safekeeping of securities |

Page 4: ppt of nsdl

Legislation/Regulations

• Service only through Participants

• Depository to maintain client level data

• Daily Reconciliation

• Continuous Connectivity with Encryption

• Backup facility at an alternate site

Page 5: ppt of nsdl

NSDL System Overview

[Diagram: star network, SWIFT messaging convention. Nodes: Depository NSDL; Depository Participants (DP-1 to DP-5); Clearing Corp. (CC-1 to CC-3); Registrar/Issuers (SR-1 to SR-3); Another Depository.]

Page 6: ppt of nsdl

NSDL Today

• Beneficiary Accounts : 48.85 lac

• Positions : > 2 crore

• Custody : Rs. 9 lac crore

• Settlement thru Demat : 99.99%

• No. of Comp. / Securities : 5000 + / 14000+

• Settlement value : > Rs. 2000 cr.

• Bookings : 6-12 lacs

• SWIFT Messages : 60-100 lacs

Page 7: ppt of nsdl

Threat Perception

• Authenticity of Debit instruction

• Privacy of account holder’s information

• Disruption of Service

• Reconciliation

• Software Integrity

Page 8: ppt of nsdl

Security Measures Scope

• Participants System

• Depository Network

• Depository Central System

• NSDL Internal Office Infrastructure

• Internet based Services

Page 9: ppt of nsdl

Participants System

• Maker / Checker Implementation

• Audit Trails

• Inspection / Audit

• System Mandated Reconciliation

• Remote site backup + Log shipping

• Dial-up - Readiness Checks

Page 10: ppt of nsdl

Depository Network Set-up

• Closed User Group (CUG) Network

• Hardware based Authentication

• Encryption - Dynamic Key change

• IP Filtering + Access List on Gateway

• Port Restriction

• Telnet / Direct Login / File Transfer prohibited

• Accepts only Message with valid format

Page 11: ppt of nsdl

Depository System

• System Enforced Password Policy

• Failed Login Alerts

• Discretionary Access Control (DAC)

• Audit Trail

• De-activation of user-id with Direct Access rights

• MAC Address authentication for Access

• LAN Switch Port mapped to MAC address

Page 12: ppt of nsdl

Depository Internal Office Infrastructure

• Office Systems

– Switch based LAN / VLANs

– Roving Port disabled on all LAN Switches

– Local PC Data Protection Policy

– Media Disposal Policy

– Licensed Software Usage only

Page 13: ppt of nsdl

Depository Internal Office Infrastructure - Cont.

• Internet Access

– Governed by Internet Usage Policy

– Access only through Proxy Server

– Firewall / IDS / URL Categorisation

– E-Mail send / receive to server hosted outside

– Only HTTP / HTTPs ports allowed

– ICMP blocked, No access from outside

Page 14: ppt of nsdl

Depository Internal Office Infrastructure - Cont.

• Virus Protection Mechanism

– Gateway Scanner

– Emails / Attachments scanned on Mail Server

– Desktop Anti Virus Protection

• Physical Access

– Proximity Card

– Video Surveillance

– Asset Movement Monitoring

Page 15: ppt of nsdl

Internet based Services

• SPEED-e

• SSL

• Authentication

– Password

– PKI / SMART Card

• 3 Tier architecture

• Clustering

• Firewall / IDS

Page 16: ppt of nsdl

Internet based Services - Cont.

[Network diagram. Labels: Internet Cloud; Router at TISP; L3 Switch at TISP; NSDL Setup (at TISP); CISCO PIX Firewall 1; CISCO PIX Firewall 2; Security Gateway (two); Local Director 1; Local Director 2; VLAN (three); SPEED-e ONLINE-1; SPEED-e ONLINE-2; WEB Servers; Application Server; Application/Database Server; Database Server; Storage; Intrusion Detection System; NMS; 64 Kbps Leased line; NSDL Setup.]

Page 17: ppt of nsdl

Software Change Management

• SRC (Software Review Committee)

• SDLC approach with documentation

• Separate environments (Dev./ Test / Prod)

• Source management system (VSS / SCLM)

• Acceptance Testing

• Managed DPM software distribution

• Formal Software Release Reviews

Page 18: ppt of nsdl

Business Continuity Planning - Facilities

• Dual UPS with Battery Back-up

• Standby Diesel generator

• Fire/Smoke detector & FM 200 Sprinklers

• Standby Air Conditioners

• Periodic Drill

Page 19: ppt of nsdl

Business Continuity Planning - System and Data

• Processor/Disk Sparing

• Standby controller/Router

• Dual Logging

• Log file replication at another site

• Fire proof back-up storage

• Safe copy of software & critical documents

• Periodic Operations from DRS Facility

Page 20: ppt of nsdl

Business Continuity Planning - Network

[Network diagram. Labels: NSDL Primary Production Site, Mumbai; NSDL DRS; NSDL TC; NSE Primary HUB, Mumbai; NSE DRS HUB; Business Partners; Leased Line NSDLNET; NSDL NET; NSENET; X.25 VSAT Cloud; ISDN / PSTN; Fall Back.]

Page 21: ppt of nsdl

IT Audit Practices

• Security Committee

• Vulnerability Assessment Group

• Risk Analysis Group

• Security Audit and Penetration Testing

• Surprise audit by Security Officer

Reporting to MD