Emergency Security Alert

Security Precautions to be Undertaken for Safeguarding Govt Websites and ICT Infrastructure

Description

Due to the prevailing geo-political situations and increased threat perception in the cyberspace, all NIC Employees are advised to stay on high alert and ensure proper cyber security hygiene and best practices are followed both at their Client level (i.e., desktop, laptop…etc) and Server/Data Centre/Network level.

Cyber Security Precautions to be Undertaken:

The following Security Precautions should be adhered to by all NIC/Govt employees and other Third Party/ contractual manpower who are involved in the development, design, testing, implementation, audit, operations, management and troubleshooting of any Government Website or Application or Database or ICT Infrastructure/Services:

• Ensure that the Operating systems running on all Client machines and Servers are installed with/patched with the latest OS updates/patches.
• Ensure that all Open Source or Proprietary - Applications, Frameworks, Softwares, Packages, IDEs, Databases, Reporting/BI/Analytical Tools, Services, APIs, Components, Libraries, Plugins…etc., used on both the server and client machines and with the latest updates/patches.
• Ensure that NIC Provided Antivirus Clients are installed on all Client machines and Servers. Full System scan should be done at least once in a week and Quick/Flash scans should be done at least once in a day
• Ensure that proper security hardening is carried out on all servers, client machines, webservers, databases..etc.
• Ensure that only the necessary ports and protocols are opened from the server for communication
• Ensure that logging is enabled in all servers, webservers, CMS, Databases, network devices, security devices, storage, VMs and any other ICT Infrastructure or Services, where logging is supported.
• If the Application/Website is behind a Load Balaner or WAF, then please ensure that X-Forwarded For (XFF) is enabled, so that the Original IP is captured in the web access logs.
• Remote desktop, Telnet, SSH and any other Administrative Access should be allowed only for VPN IPs.
• Do not use any remote administration tools like Anydesk, Ammy Admin, Team Viewer..etc.
• Critical Applications should be placed behind the Web Application Firewall (WAF)
• Ensure that NIC’s DNS Server Settings (164.100.3.1) is configured on all servers in NDCs and on all machines in NICNET
• Ensure that NIC’s NTP Server settings (samay1.nic.in / samay2.nic.in) is configured on all servers and client machines present in NDCs and NICNET.
• Always download updates and patches from the Official website or Repositories of the OEM. Never download the updates/patches from any unauthorized third-party websites.
• Disable Powershell in Windows based servers and client machines
• Don’t use the Root Account or Super Administrator Account in your servers/clients, for day to day activities
• On a daily basis check all files present under the Website root directory and Upload directory for any unauthorized file modifications and deletions.
• On a daily basis check the web access logs, Database logs, CRON Jobs, scheduled tasks, maintenance tasks, User activity logs for any unusual or suspicious activities
• Restrict the access of CMS/Site Administration Access to NIC’s VPN based IPs only. These Admin URLs should not be accessible over the internet.
• Ensure that all the sites and applications are using https (i.e., valid ssl certificate).
• Ensure that all API Calls are done through encrypted channel.
• Ensure that all credentials, API Keys, connection strings are encrypted
• Identify the target user base for your site or Application. If the target user base is within India, or restricted to certain countries, then please share the information with incident@nic-cert.nic.in , so that the access to your site or application can be geo-fenced and will be allowed only for the specific countries.
• Ensure that the root/super Administrator credentials of all Applications, Sites, Databases, Servers, Storage, ICT Infrastructure resides with the Government employee.
• Don’t install any pirated software or cracks on your Servers and Client machines.
• Always use a non-administrator account for carrying out day to day activities.
• Don’t store or exchange any sensitive information or credentials through third party messaging Apps/Email and social media.
• Don’t store any credentials or passwords on your phone or computer
• Don’t Use the same credentials on multiple websites/applications/servers/client machines
• Don’t install any browser plugins or toolbars on the machine which is used for accessing the NDC
• Adhere to all Advisories published by NIC-CERT, Application Security and Cyber Security - Divisions.
• Take prompt action on any security issues pointed out by NIC-CERT/Application Security/Cyber Security – Divisions
• In case of any security incident kindly report it to NIC-CERT at: incident@niccert.nic.in