Security Policy
- https://www.sidbivcf.in/ has been placed in protected zones with implementation of firewalls, MFA, anti-DDoS, DNSSEC, VPN, IPS, IDS (Intrusion Detection System), geofencing, anti-virus, PIM and high-availability solutions.
- Before the launch of https://www.sidbivcf.in/, simulated penetration tests were conducted. Penetration testing has also been done after the launch of https://www.sidbivcf.in/.
- https://www.sidbivcf.in/ is audited on a quarterly basis for known application-level vulnerabilities, and all the known vulnerabilities are addressed within the prescribed timelines.
- Hardening of servers has been done as per the applicable Center for Internet Security (CIS) benchmarks, before the launch of https://www.sidbivcf.in/.
- Access to web servers hosting https://www.sidbivcf.in/ is restricted both physically and through the network as far as possible.
- Logs for authorized physical access of https://www.sidbivcf.in/ servers and other security devices are integrated with SIEM.
- Web servers hosting https://www.sidbivcf.in/ are configured behind IDS and IPS (Intrusion Prevention System), with system firewalls on them.
- All the development work is done in a separate development environment and is well tested on the staging server before updating it on the production server.
- After proper testing on the staging server, the applications are uploaded to the production server using SSH and VPN through a single point.
- The content contributed by/from remote locations is duly authenticated and is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.
- All contents of the web pages are checked for intentional or unintentional malicious content before final uploading to web server pages.
- Audit and log records of all activities involving the operating system, access to the system, and access to applications are integrated with SIEM. All rejected access and services are logged and listed in exception reports for further scrutiny.
- Help Desk staff at the Monitoring Team monitor https://www.sidbi.in/ at weekly intervals, checking the web pages to confirm that they are up and running, that no unauthorized changes have been made, and that no unauthorized links have been established.
- All newly released system software patches, bug fixes and upgrades are expeditiously and regularly reviewed and installed on the web server.
- On Production web servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related tasks are performed.
- Server passwords are changed at an interval of 5 months and are shared by 2 persons, Gautam Singh and Prakash Tripathi.
- Grapesh Telecom has been designated as Administrator for https://www.sidbivcf.in/ and shall be responsible for implementing this policy for each of the web servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s).
- https://www.sidbivcf.in/ has also been subjected to a risk assessment performed through vulnerability identification software before and after the launch, and all the known vulnerabilities have been addressed.