Security Infrastructure
Physical Security
-
• Close Circuit TV
• Three cameras per floor and one camera installed in the Server room.
• Based on digital recording on hard disk.
• Remote viewing possible.
• 24X7 management by the security guards.
Network Security
Firewall
-
• Dual PIX in High Availability Mode.
• ISA based firewall after PIX providing flexible access policies.
• Dual Packet Filtering Firewall in High-Availability mode with VPN support. The stage one is Cisco PIX (with High Availability option) with redundant physical boxes. Second stage is Microsoft ISA (Internet Security and Acceleration) Server.
Secured V-LAN for Separate Clients
• Provision is made for offshore clients to have their own Local Area Network secure by way of either separate physical network or through separate V-LAN. This kind of provision ensures complete security of data on the LAN.
WAN/LAN switches password
-
• The password for the switches is to be changed every 30(thirty) days. Repeatability of password is to be avoided.
• The password is kept at a secure area.
• The password would be changed under following circumstances:
-
• Breach of password detected by Networks
• Any event that makes it a necessity to change the password as visualized by Head Networks • At the expiry of usage period
• On resignation / termination of services of any Technology team member.
System Security
Antivirus protection
-
• Installation of antivirus software for each virus entry point on the network such as Internet gateway, mail servers, LAN servers, desktop on LAN, laptops and standalone PCs.
• Updating program components and virus pattern files to stop the latest viruses.
• Disable floppy drive access on all workstations.
• Check and clean all floppies and CD media before using.
• Perform a Virus Cleaning exercise once in three months.
• Daily Backup and offsite storage of month end backup tapes.
User Data Security
-
• Dedicated folders on file server. The access to these folders is dependent on the access privileges given to each individual user. All system files/directories are write protected from users.
• Backup for this server taken on a daily basis.
• The floppy drives at each of the user is disabled.
• As we are using Windows 2000 as an operating system, we have disabled the control panel access and command prompt access for all the CSEs.
• No default administration access is allowed to CSEs and no access provided to users for modifying BIOS.
• CSR are given the access to the Internet as per the process requirement and all other access is denied.
• All the attachments in the mail going outside are restricted and are regularly screened by email content manager of Trend Micro and in turn monitored by system and administration department.
• Incoming *.exe, *.eml etc attachments are not allowed and this list gets updated on ant virus software (Trend Micro) updates. This is done to prevent the flow of disastrous viruses.
• No media is allowed inside the process floor.
• No user is allowed to carry the bags and any food item/beverages on the working floor.