information security policies & practices - iqac.iiitb.ac.in
IT- IS Security Policies & Procedures
For
International Institute of Information Technology
Bangalore
[Murugan]
Jan 2019
Use or disclosure of data on this page is subject to IIITB's notice of use and disclosure restrictions:Murugan IIITB Confidential
1.1.2019 Page 2 of 88
Revision History
Date | Change Description | Change authorised By | Reviewed By
1.1.2017 | Review IT policy for the year 2017 | IT Committee Chairman | IT Committee members
1.1.2019 | Review IT policy for the year 2019 | IT Committee Chairman | IT Committee members
Table of Contents
1 Introduction
2 Scope
3 Structure
4 Organization Structure
5 Policies
6 License Management Policy
7 Backup & Recovery Policy
8 Password Policy
9 Internet & Intranet Security Policy
10 Antivirus Policy
11 Physical Security
12 Network Security
13 Network Acceptable Use Policy
14 IT Configuration and Patch Management Policy
15 IT & IS INFRASTRUCTURE
1 Introduction
International Institute of Information Technology Bangalore (IIITB) information assets and the
technology resources that support the institution are critical to the functioning of the
Institution. IIITB recognizes that its information assets are at risk from potential threats in areas such as
physical security, personnel security, operations security, communications security, network
security and information security.
Such events could result in damage to or loss of information resources, corruption or loss of
data integrity, interruption of the activities of the Institution, or compromise of the
confidentiality/privacy of information pertinent to Staff & Students of IIITB.
These IT Security policies are carefully formulated to reduce risks to electronic information
resources through implementation of controls designed to detect and prevent errors or
irregularities that may occur. IIITB recognizes that absolute security of IT resources against all
threats is an unrealistic proposition that would require the commitment of a prohibitively high
level of resources. The Institution’s goals for risk reduction are based, therefore, on the
following principles:
The criticality of an IT Resource to the operation of the IIITB.
The sensitivity of the data residing in or accessible through the IT Resources.
The cost of preventive measures and controls designed to detect incidents.
The amount of risk that management at the campus or the Office of the Director is
willing to absorb.
Achieving a successful information security program requires management/executive
committee’s planning for preparedness, detection, response and recovery with respect to
protection of the information enterprise. Risk assessment and determination of appropriate
security measures must be a part of all systems design and operations undertaken in the
institution.
These Policies identify the set of measures that should comprise campus security programs.
Security programs should include identification of the IT & IS Manager who is responsible for
campus compliance with its security program. Security programs shall undergo periodic
evaluation of administrative, technical, and physical safeguards to ensure that they adequately
address operational or environmental changes.
The Policy describes the high-level direction for information security management within
IIITB and custodians of IIITB IT assets. It is based on three concepts: availability, integrity,
and confidentiality:
Confidentiality ensures that IIITB Information is not disclosed to anyone who is not
authorized to access it. In support of this is the idea of need-to-know, authorizing the
sharing of IIITB Information only among those who can demonstrate a legitimate need.
Integrity ensures that IIITB Information is correct or accurate to the degree anticipated
by those who use it. It also ensures that IIITB Information has not been changed and
has not been exposed to unauthorized modification, or disposal.
Availability ensures that IIITB Information is accessible when and where it is needed.
2 Scope
These Policies apply to all students & Staff and to all entities/affiliates of IIITB. These Policies
do not apply to the Research network and other affiliate laboratories. Implementation of
these Guidelines, including development of more specific standards or guidelines as needed,
is the local responsibility of respective stakeholders and the Office of the Director. The
Office of the Director in its enterprise wide role across IIITB has overall responsibility for
implementing the policy, including these Guidelines on IT Security.
The IIITB Information Security Policy & Practices will be reviewed and evaluated once in 6 or
9 months for updates. Updates may include the creation of new Practices, modifications to
existing Practices, and/or the deletion of line item details. Updates can be triggered by
several events including but not limited to:
New technology including applications, hardware, or software
Security deficiencies
Changes in legal, regulatory, or reporting requirements
Physical or environmental alterations
Request for deviation from a Service Provider
Periodic re-evaluation of current requirements
As IIITB is in the forefront of IT education & research in India, it is essential that all staff &
students understand the value of IIITB’s Information and their individual and collective
responsibility to protect it.
3 Structure
The Policy is supported by a set of common best Practices and guidelines. The office of the
Director and other relevant stakeholders may also choose to add unique situation-driven
practices and associated mechanisms that reflect IT security control requirements necessary
to support the smooth functioning of the institute. The document is structured as below.
The Policies have the following headings:
Purpose: The purpose of the policy is brought to the fore for the audience; this essentially tells
the management's intention in enforcing the policy.
Scope: The scope of the policy is to essentially outline the general applicability of the policy
to the respective stakeholders; the scope further gives a broad idea as to the applicability of
the policy to the target audience.
Policy Statement: This is a single line statement explaining the crux of the overall policy,
primarily intended for the top management.
Policy: This section describes the policy itself in its entirety.
Responsibility: This section outlines the responsibilities of the individual stakeholders in great
detail.
Enforcement: This section brings out the ways and means by which the management intends
to enforce the policy which it has formulated.
Procedures: The procedures are a set of guidelines or best practices that must be followed to
effectively enforce the policy.
4 Organization Structure
Purpose
To explain the organization structure of IIITB
To define the roles and responsibilities for various functions within IIITB
To explain the process of organizational change management within IIITB
Scope
Applicable to all areas of IIITB functions.
Policy
Organizational structure within IIITB will be defined with the roles and responsibilities
identified.
Definitions of roles and responsibilities will be changed according to the organizational
change management policy.
Definitions of roles and responsibilities will have clear segregation of duties.
Organizational Chart
The security organizational structure is as shown below:
Responsibility
The various roles and responsibilities for IIITB personnel are defined as follows:
Office of the Director
Primary Responsibility
Act as the custodian of IT security at IIITB.
Functional Responsibilities
Be the last word in any decision pertaining to the IT security of the Institute.
Uphold the dictum of IT security ethics outlined in the policy
Call for IT security reviews every month with ISO, Chairman computing.
Chairman Computing
Primary Responsibility
Act as the secondary in charge for the Director
Functional Responsibility
Be part of any decision pertaining to the IT security of the Institute.
Drive the user awareness sessions along with the ISO.
[Organizational chart boxes: Director; Chairman (Computing) with 2 faculty members; Sr. IT & IS Manager; System Admin for Datacenter; Network Admin for Campus; Inventory Officer (IT / Librarian / Accounts); IT Staff / IT Personnel; Helpdesk]
IT & IS MANAGER (Information IT, IS and Security Manager)
Primary Responsibilities
Act as Information IT, IS and Security Manager for the organization.
Functional Responsibilities
Be the Institute’s single point contact on information security.
Promote information Technology and security awareness for all the Staff & Students in the
institute.
Develop, implement, revise and document location-wide (and subsequently institute wide)
security policies.
Periodically review the status of the information Technology infrastructure and security
policy implementation in IIITB and report the status to the office of the director
Be part of the decision-making team when the organization is involved in designing,
planning, procuring or upgrading technologies.
Conduct formal / informal training on relevant topics on security like firewall
implementation, VPN configuration within the IT staff.
Act as the single point of contact for all issues involving information security including, but
not limited to, questions, alerts, viruses and breaches.
System admin for Datacenter (Servers, Application, Database & Security Administrator; outsourced support staff along with in-house Sr. IT & IS Manager)
Test and install available patches for fixes for known security bugs in vendor software.
Primary Responsibilities
Plan, implement, monitor, administer and upgrade security controls for IIITB’s computing
infrastructure and environment (Computers and VM’s in datacenter).
Help develop internal security standards for IIITB in consultation with IT & IS Manager.
Functional Responsibilities
Test, install, and maintain security infrastructure equipment.
Help define, document, and maintain IIITB security policy.
Monitor, audit, test the systems and networks for possible security threats and
vulnerabilities.
Review security log files on a daily basis, investigate and report anomalies and breaches.
Be abreast with the technology changes and continuously evaluate possible threats
resulting from technology changes to the organization’s existing computing and network
infrastructure.
Investigate, coordinate, report, and follow-up on computer network security incidents.
Disseminate IIITB security policy and procedures to the appropriate entities on a need to
know basis.
System Administrator: Regular responsibilities of system administration.
PC and laptop users maintenance.
Users of LAN and WAN servers administration.
Critical spare maintenance for all PCs and laptops.
Functional Responsibilities
Perform regular security audits and take corrective action as required. These audits may
cover attempts to crack user passwords; maintenance of system logs of network activity in
order to watch for attacks on network/system security; deletion or alteration of system-
related files in user accounts; deletion of files or processes that are jeopardizing the
security of a user account or of the system as a whole or which have resulted in
degradation of system performance.
Perform periodic backups of user and operating system files. The frequency of these
backups will vary from system to system. Periodically reorganize file systems while
ensuring that proper file security is maintained.
Inspect, edit or delete private information (whether in the form of user accounts, files,
processes, etc.) as required, and deal with incidents of suspected inappropriate use.
Apply patches and upgrades to operating systems and utilities as available.
Inform the users of the system about planned outage/unavailability of the system so that
they can plan their work accordingly.
Monitor console message during shifts and ensure data protection, diagnose and recover
system failures. Maintain production/uptime/hardware fault logs.
Ensure data security by taking regular/off site/Monthly backups, in accordance with
specified schedule/contingency plans as decided from time to time.
Troubleshoot any hardware-related problems on PCs and also inform the IT department
about the status of the call.
Fault isolation, installation and diagnosis of Server/PC hardware.
Co-ordinate with Vendors for corrective maintenance of all hardware peripherals as and
when required.
Ensure the maximum uptime of links and Internet, and maintain the logs of uptime/downtime
of this hardware.
Allocation/tracking of laptops and maintain the necessary logs.
Network Administrator (LAN/WAN) (Outsourced staff, monitored by Sr. IT & IS MANAGER)
Primary Responsibilities
Install, maintain, administer, support and upgrade the networks (LAN/WAN) in IIITB.
Support and administration of IIITB computing and LAN networking.
Functional Responsibilities
Configure workstations and servers on Microsoft Windows / Linux platforms for the
networks.
Install network monitoring/administration tools and troubleshoot the problems with the
networks.
Ensure uptime of networks and support the links for all the building blocks of campus.
Support helpdesk personnel for server and network related issues.
Perform off-line server activities such as backups.
Configure LAN and WAN switches, Access Points, hubs, and routers.
Install and ensure security controls such as firewalls and proxy servers are functioning
properly.
Evaluate network-monitoring tools and recommend relevant tools that will enhance the
network and provide defined security.
Report any breach of security on the servers that are assigned for monitoring
Inventory officer (Accounts and Purchase department / IT & IS Manager)
Primary Responsibilities
Ensure that appropriate information is available and organized to meet users’ needs.
Media management.
Functional Responsibilities
Analyze user needs using existing industry publications and sources to determine which
information is appropriate, searching for, acquiring and providing relevant information.
Educate users on information retrieval techniques that will ensure that information is
located in the shortest possible time.
Manage acquisitions of computer software, and information services, and prepare material
to communicate this on a timely basis to users.
Negotiate contracts with respect to coverage and pricing for services, materials, and
software to be purchased for users.
Compile multimedia material on specific subjects that are of value to the organization.
Manage the media procurement and distribution to users.
Maintain and track inventory of items under library management and report status at least
once a year to the office of the director.
IT Department Personnel (IT support /Helpdesk outsource work force)
Primary Responsibilities
Perform IT department’s activities as outlined in the contract for the activities.
Functional Responsibilities
Receive, assign and record support calls from users. Ensure that the problems are resolved
within the stipulated time period.
Reassign/escalate the calls based on the nature and status of the calls.
Execute helpdesk activities and collect feedback through various mechanisms especially
for day-to-day desktop support calls
Provide suggestions on improving service levels based on the day-to-day experience and
the feedback and data.
Take initiative in implementing directives resulting out of change in processes related to
desktop management and other support activities in a timely manner.
Implement and support the solutions based on the problem reported and follow change
management processes as defined in change management.
Plan and caution the users well in advance about problems anticipated and changes that
are planned before they are effected.
5 Policies
IT Infrastructure Usage Policy
Please read the following IIIT Bangalore (IIITB) Information Technology (IT) Infrastructure
usage policy carefully.
Whom this Document Concerns
All Users of IT infrastructure (Computers, Network and other Electronic Devices) at IIIT
Bangalore.
Reason for Policy
This policy presents the responsible use of the Information Technology Infrastructure at IIIT
Bangalore. Users of IIITB’s IT-Infrastructure will be subject to the following acceptable use
policy.
Statement of Policy
1. Student, staff, and Faculty with authorized accounts may use the computing and IT
facilities for academic purposes, official Institute work, and for personal purposes so
long as such use
o Does not violate any law, Institute policy or IT act of the Government of India.
o Does not interfere with the performance of Institute duties or work of an
academic nature.
o Does not result in commercial gain or private profit other than that allowed by
the Institute (as judged by IIITB Director or committee constituted by Director).
2. Users are expected to respect the privacy of other users and they shall not allow any
other person to use their password or share their account. It is the users' responsibility
to protect their account from unauthorized use by changing passwords periodically.
Sharing of passwords for any purpose whatsoever is strictly prohibited.
3. Any user’s attempt to circumvent system security, guess others’ passwords, or in any
way gain unauthorized access to local or network resources is forbidden. Users may
not use another person's computing account, attempt to forge an account identity, or
use a false account or e-mail address.
4. Transferring copyrighted materials to or from the IIITB systems without express
consent of the owner is a violation of law. In addition, use of the internet for
commercial gain or profit is not allowed. If done so, it will be at the sole responsibility
of the user.
5. The downloading and installing of new software has to be done with the explicit
consent of the respective faculty in-charge. Installation of unlicensed software on IIITB
facilities, or on individual machines connected to the IIITB network, is strictly
prohibited.
6. The assigned IIITB e-mail address constitutes the users’ official email id. To the extent
possible, users are expected to use only their official email addresses for official
communications with other members of the Institute and external official
communication.
7. Spamming or spreading any malware is strictly disallowed.
8. All communication carried out using personal email ids is entirely the individual’s
responsibility.
9. Subscribing to mailings lists and forums outside the Institute is an individual’s
responsibility.
10. It is forbidden to send frivolous or academically unimportant messages to any group.
Broadcast of messages to everyone in the system is allowed only for academic
purposes and emergencies.
11. Shared email accounts for any purpose whatsoever are not allowed. Any special
accounts, if they need to be set up for conferences and other valid reasons as determined
by the institute authorities, must have a single designated user.
12. Recreational downloads and peer to peer connections for recreational purposes are
banned.
13. To the extent possible, users are expected to connect only to the official IIITB WiFi
network for wireless access. Setting up of unsecured WiFi systems on the IIITB network
is prohibited in accordance with a Government of India ban.
14. Users are expected to take proper care of equipment, and are expected to report any
malfunction to the staff on duty or to the in-charge of the facility.
15. NO FOOD OR DRINK is permitted in the laboratories and class rooms. Also making
noise either through games/ music or even talking and/ or singing loudly is prohibited.
16. Playing of Video Games in Institute laboratories or using Institute facilities for video
games is strictly prohibited. Display of offensive material (either on computer screens
or through posters etc.) is strictly disallowed and serious action will be taken against
offenders. Usage of non-academic audio/video streaming services is prohibited. One
should not offend anyone by sending electronic messages with respect to religion, caste,
colour and law.
17. Any violations of policy will be treated as academic misconduct, misdemeanor, or
indiscipline as appropriate. Depending upon the nature of the violation, the institute
authorities may take an action by issuing a warning through disabling the account. In
extreme cases, the account may be completely deleted and/ or the user prohibited
access to IT facilities at IIITB and/ or sent to the Institute disciplinary action committee
as constituted by the Institute authorities.
18. A student spends a whole day attending theory, tutorial and lab classes, followed
by studies till late evening. It is well known that a person needs at least 6 hours of
sound sleep at night to catch up with the next day's intellectual activity fruitfully. Hence,
Internet in hostels will be stopped from midnight to 6 AM. However, one week
before the exams, it will be relaxed by a few hours till the end of exams. Moreover, anyone
who needs to read for some urgent requirement can come to the academic building
and use the Internet.
19. For the safety of the students and to support their requirements, the labs will remain
open as long as a lab assistant / teaching assistant / research scholars / lab in-charge
is present in the lab.
20. The policy may change as and when it is considered required and new policies or the
changes in policy will take effect immediately after a brief announcement by any
means, e-mail, printed notices, or through the news groups.
21. Incubation: The same usage policy that applies to students applies to the staff of all
incubation/acceleration companies.
Computing and Networking policy for the Year 2016-2017
1. IT Policy
The current IT policy is being reviewed and updates to this will be proposed. Target for Rollout:
end July 2017. All students will be expected to sign this at the start of the new academic year.
The policy will also be applicable for faculty and staff.
Some of the plans below make assumptions about the directions in the to-be-proposed Policy.
Specifically:
1. All devices (laptops/desktops/tablets/mobiles) connecting to the Institute network will
need to be registered with IT services. No open access points will be provided except
for experimental/evaluation purposes. The process for such special access points will
be worked out.
2. Antivirus (McAfee) software to be mandatory on all laptops/desktops connected to
the Institute Network.
3. Blocking of illegal/blacklisted/inappropriate sites will continue as before.
4. Overall internet usage patterns will be tracked on a per user level, to the extent required
by law. In addition, total bandwidth usage per user will be tracked and heavy users will
be notified. Based on usage patterns, we will evaluate the need for special charges
where usage exceeds an agreed-to threshold and is not specifically approved for a
project.
2. Internet bandwidth
The current bandwidth of 40 Mbps (20 each from Vodafone and Tata Teleservices) has
proved to be inadequate for backup internet facilities, based on analysis of usage patterns
compared to the 1 Gbps from the BSNL NKN network. While there is a potential capacity of 1 Gbps,
the internet bandwidth is used for the entire campus. The current plan is to look at increasing the
leased bandwidth (from one or both existing suppliers), with the goal of at least doubling
the total bandwidth with minimal impact on the connectivity. In parallel, optimization of
internal networks and switches (as part of the plan to set up the new hostel) should help in
better utilization of available bandwidth.
Approved: To upgrade the Tata Teleservices connection to 100 Mbps. This will be operational
end June 2017. The current contracts will be terminated at the end of June, for which the one
month notice needs to be provided by end May.
In parallel, efforts will be made to improve the usability of the NKN connection, which will also
serve as the primary in case of major failure, with the backup Tata Teleservices link used for load
balancing. The combination of these should help improve internet experience on campus.
Usage:
The available bandwidth will be shared between the academic and hostel segments, with the
ratio adjusted by time-of-day. This will be fine-tuned based on actual usage patterns. Each
download and upload file size is limited to 60 MBPS.
Tentative assignment:
Daytime (8am to 7pm): Academic: 40 Mbps, Hostels: 60 Mbps
Nighttime (7pm to 8am): Academic: 20 Mbps, Hostels: 80 Mbps
Between the hostels, the bandwidth will be allocated between the different blocks based on
occupancy. The NKN connection will be dedicated to backup link and also load balanced for
specific labs/projects and other requirements in the Academic block.
3. Tracking Internet usage
Total bandwidth usage per user will be tracked, and reviewed on a weekly/monthly basis.
The top 510 users (or those exceeding a defined threshold) will be notified. A mechanism for
identifying and approving legitimate “heavy usage” will be worked out.
4. Connecting Devices and BYOD
All devices connecting to the IIITB network will need to be registered with IT Services, and
will be assigned IP addresses. This includes desktops, laptops, tablets, mobile phones and
any other devices requiring network access, wired or wireless. This will ensure better
management of the health of the network, as also enable compliance with provisions of the
IT Act. This process will be rolled out in a phased manner in June, starting with the MTech
students (summer term), as well as other students who are on campus, faculty and admin
machines. Mobile phones and tablets will also be covered under this. By end June 2018,
there will be no open access on campus.
For this registration, students will need to bring their laptops/devices to the Data Center,
where their MAC addresses will be recorded and IP address assigned. A calendar for this
support will be published soon. This is planned to be completed by July 31st, 2018.
A special process for guest and short-term access will be worked out, though this will
essentially go through the same process.
5. Antivirus protection
It has been observed that a number of devices connected to the network are infected with
viruses, which impact the overall network traffic and quality. Since the network and internet
bandwidth are shared resources, it is important that we minimize the impact of such viruses.
Hence, all machines (initially desktops and laptops) connected to the Institute network will
need to have antivirus protection. Specifically, the McAfee Antivirus licensed by the Institute
will need to be installed on all connected machines. For dual boot machines, the antivirus
will need to be enabled on both operating system partitions. This will be tracked and
enforced by the IT group, and machines violating this will be taken off the network until they
are made compliant. This rollout will be along with the device registration described earlier,
over the month of June and July, 2017.
6. Print facility
We have a new printer, available for faculty, staff and students. A separate printer (the existing
machine) will be retained for certain confidential and administrative printing. Some faculty
have their own printers for their project and research purposes, which they will continue to
use.
7. Budget and Expense Tracking
The IT budget for the year 2016-17 is in place. As per the new Finance process, we will
present and get approval for the projected expenses for each month, and track expenses
against that.
To enable this, we have started tracking the Plan/Forecast/Actual expenses on a monthly basis,
for the entire financial year.
At the end of each month, we will present the projected expense for the next month, as well
as a summary of the actual expenses year-to-date, and the forecast for the rest of the year
(all compared to the plan).
Computing and Networking for the Year 2017-2018
1. IT Policy
The current IT policy is being reviewed and updates to this will be proposed. Target for
Rollout: before July 10th, 2018. All students will be expected to sign this at the start of the
new academic year. The policy will also be applicable for faculty and staff.
Some of the plans below make assumptions about the directions in the to-be-proposed Policy.
Specifically:
1. All devices (laptops/desktops/tablets/mobiles) connecting to the Institute network
will need to be registered with IT services. No open access points will be provided
except for experimental/evaluation purposes. The process for such special access
points will be worked out.
2. Antivirus (McAfee) software to be mandatory on all laptops/desktops connected to
the institute network.
3. Blocking of illegal/blacklisted/inappropriate sites will continue as before.
4. Overall internet usage patterns will be tracked on a per user level, to the extent
required by law. In addition, total bandwidth usage per user will be tracked and heavy
users will be notified. Based on usage patterns, we will evaluate the need for special
charges where usage exceeds an agreed-to threshold and is not specifically approved
for a project.
2. Internet bandwidth
The current bandwidth of 100 Mbps (100 MBPS fibre 1:1 Premium from Tata Teleservices)
has proved to be inadequate for backup internet facilities, based on analysis of usage
patterns compared to the 1 Gbps from the BSNL NKN network. While there is a potential capacity of 1
Gbps, the internet bandwidth is used for the entire campus.
The current plan is to look at increasing the leased bandwidth (from existing Vendor TATA),
with the goal of at least doubling the total bandwidth with minimal impact on the budget. In
parallel, optimization of internal networks and switches (as part of the plan to set up the new
hostel) should help in better utilization of available bandwidth.
IT Committee approved for: 512 Mbps
Upgradation of the internet bandwidth of the Tata Teleservices ISP connection from 100
Mbps to 512 Mbps with 64 valid IPs. This will be operational by the end of December 2018. The
current contracts will be terminated at the end of November 2018, for which the one-month
notice needs to be provided by the end of October 2018.
The 1 Gbps BSNL NKN connection will serve as the primary link; in case of failure of
this connectivity, the secondary Tata Teleservices link will be used.
The combination of these should help improve internet experience on campus.
Usage:
The available bandwidth will be shared between the academic and hostel segments, with the
ratio adjusted by time-of-day. This will be fine-tuned based on actual usage patterns.
Tentative assignment: from June, 2018
Daytime (8am to 7pm): Academic: 55 Mbps, Hostels: 100 Mbps
Nighttime (7pm to 8am): Academic: 20 Mbps, Hostels: 135 Mbps
Between the hostels, the bandwidth will be allocated between the different blocks based on
occupancy. The NKN connection will be dedicated to specific labs/projects and other
requirements in the Academic block.
Other proposed plan: To work with NKN to improve bandwidth and stability of the
connectivity on a day-to-day basis.
3. Tracking Internet usage
Total bandwidth usage per user will be tracked, and reviewed on a weekly/monthly basis.
The top 10 users (or those exceeding a defined threshold) will be notified. A mechanism for
identifying and approving legitimate “heavy usage” will be worked out.
4. Connecting Devices and BYOD/IOT
All devices connecting to the IIITB network will need to be registered with IT Services, and
will be assigned IP addresses, with two devices for each student. This includes desktops,
laptops, tablets, mobile phones and any other devices requiring network access, wired or
wireless. This will ensure better management of the health of the network, and also enable
compliance with provisions of the IT Act. This process was rolled out last year, in June 2017, in a
phased manner and has been stable from January 2018 onwards, after implementation in the Aruba
ClearPass and AirWave Wi-Fi management software. For any modification or new registration,
students will need to bring their laptops/devices to the Data Center, where their MAC
addresses will be recorded and IP address assigned.
A calendar for upgradation and reconfiguration of the wired and Wi-Fi LAN and also the WAN
network:
Currently we have multiple models of Wi-Fi access points and controllers, so we have
problems in managing and monitoring the Wi-Fi network. The committee has therefore decided to
go for a single vendor (OEM) for the entire Wi-Fi network.
The committee recommended going for HP Aruba Wi-Fi network solutions, since we have had
wired and Wi-Fi networks from HP for the last three years. The IT committee will decide
based on the proposal from HP with respect to our IT budget.
The planned dates are:
May 15, 2018: 155 Mbps internet from TATA implementation
Jun 1, 2017: Aruba Wi-Fi and wired LAN implementation in entire campus
Jun 8, 2017: Pingdom or Uptrends monitoring system implementation
Jun 10, 2017: Register faculty, staff and research scholars for MAC-based authentication access in ClearPass
Jun 15, 2017: New MTechs MAC address registration
Jul 31, 2017: All iMTechs/M.Sc (Digital Society)/other new programs
A special process for guest and short-term access will be worked out, though this will
essentially go through the same process.
5. Antivirus protection
It has been observed that a number of devices connected to the network are infected with
viruses and impact the overall network traffic and quality. Since the network and internet
bandwidth are shared resources, it is important that we minimize the impact of such viruses.
Hence, all machines (initially desktops and laptops) connected to the Institute network will
need to have antivirus protection. Specifically, the McAfee Antivirus licensed by the Institute
will need to be installed on all connected machines. For dual-boot machines, the antivirus will
need to be enabled on both partitions. This will be tracked and enforced by the IT group,
and machines violating this will be taken off the network until they are made compliant. This
rollout will happen along with the device registration described earlier, during admission to the
IIITB programs in the month of July, 2017.
6. Print facility
We have a network printing facility available for faculty and staff on the ground floor and first
floor. A separate printer service from an outsourced vendor is available on request, and
we have also provided one new printer for certain confidential and
administrative printing. Some of the faculty have their own printers from projects for the
purpose of research, and they continue to use those.
7. Budget and Expense Tracking
The IT budget of 125 lakhs for the year 2017-18 is in place. As per the new Finance process,
we will present and get approval for the projected expenses for each month, and track
expenses against that.
To enable this, we have started tracking the Plan/Forecast/Actual expenses on a monthly basis,
for the entire financial year.
At the end of each month, we will present the projected expense for the next month, as well
as a summary of the actual expenses year-to-date, and the forecast for the rest of the year
(all compared to the plan).
Computing and Networking for the Year 2018/2019/2020
Update 28 March, 2019
1. IT Policy
The current IT policy is being reviewed and updated. Target for
rollout: before July 10th, 2019. All students will be expected to sign this at the start of the
new academic year. The policy will also be applicable for faculty and staff.
Specifically:
1. All devices (laptops/desktops/tablets/mobiles) connecting to the Institute network
will need to be registered with IT services. No open access points will be provided
except for experimental/evaluation purposes. The process for such special access
points will be worked out on the basis of the Faculty request for labs or events.
2. Antivirus (McAfee) software to be mandatory on all laptops/desktops connected to
the Institute network.
3. Blocking of illegal/blacklisted/inappropriate sites will continue as before.
4. Overall internet usage patterns will be tracked on a per-user level, to the extent
required by law. In addition, total bandwidth usage per user will be tracked and heavy
users will be notified. Based on usage patterns, we will evaluate the need for special
charges where usage exceeds an agreed-to threshold and is not specifically approved
for a project.
2. Internet bandwidth 1 Gbps BSNL NKN and 512 Mbps from Net4India
The current bandwidth has been upgraded from 100 Mbps to 512 Mbps (fibre 1:1 Premium from
NET4INDIA ISP), alongside 1 Gbps from the BSNL NKN network. In parallel, optimization of internal
network routers, switches and Aruba Wi-Fi APs should help in better utilization of available
bandwidth.
Approved for upgradation cost:
Upgradation of the internet bandwidth from ISP NET4INDIA IPs, which costs Rs. 15 lakhs
plus tax per year.
The combination of these should help improve internet experience on campus.
Usage:
The available bandwidth will be shared between the academic and hostel segments, with the
ratio adjusted by time-of-day. This will be fine-tuned based on actual usage patterns.
Tentative assignment: from June, 2018-19
Daytime (8am to 7pm): Academic: 100 Mbps, Hostels: 100 Mbps
Nighttime (7pm to 8am): Academic: 100 Mbps, Hostels: 300 Mbps
Between the hostels, the bandwidth will be allocated between the different blocks based on
occupancy. The NKN connection will be dedicated to specific labs/projects and other
requirements in the Academic block.
3. Tracking Internet usage
Total bandwidth usage per user will be tracked, and reviewed on a weekly/monthly basis.
The top 10 users (or those exceeding a defined threshold) will be notified. A mechanism for
identifying and approving legitimate “heavy usage” will be worked out.
A special process for guest and short-term access will be worked out, though this will
essentially go through the same process.
5. Antivirus protection
It has been observed that a number of devices connected to the network are infected with
viruses and impact the overall network traffic and quality. Since the network and internet
bandwidth are shared resources, it is important that we minimize the impact of such viruses.
Hence, all machines (initially desktops and laptops) connected to the Institute network will
need to have antivirus protection. Specifically, the McAfee Antivirus licensed by the Institute
will need to be installed on all connected machines. For dual-boot machines, the antivirus will
need to be enabled on both partitions of the operating systems. This will be tracked and
enforced by the IT group, and machines violating this will be taken off the network until they
are made compliant. This rollout will happen along with the device registration described earlier,
during admission to the IIITB programs in the month of July, 2019.
6. Print facility
We have a network printing facility available for faculty and staff on the ground floor and first
floor. A separate printer service from an outsourced vendor is available on request, and
we have also provided one new printer for certain confidential and
administrative printing. Some of the faculty have their own printers from projects for the
purpose of research, and they continue to use those.
7. Budget and Expense Tracking
The IT budget of 133.70 lakhs for the year 2019-20 is in place. As per the new Finance
process, we will present and get approval for the projected expenses for each month, and
track expenses against that.
To enable this, we have started tracking the Plan/Forecast/Actual expenses on a monthly basis,
for the entire financial year.
At the end of each month, we will present the projected expense for the next month, as well
as a summary of the actual expenses year-to-date, and the forecast for the rest of the year
(all compared to the plan).
IT BUDGET FOR 3 years from 2018 to Year 2019-20 and Projection budget for next 5 years
IT AND IS Expense Details in Lakhs

                               Actuals    Budget  Budget Projection
Particulars                    2018-19   2019-20   2020-21   2021-22   2022-23   2023-24   2024-25
Computing and Internet
Spare Parts and consumables       8.21       6.5       7.3      7.65       7.9       8.9       9.9
Software                         24.00        24     25.45     25.45      27.2      29.5      29.5
IT Services                      58.50        61     77.35     83.35     83.35      90.2      95.2
Internet Charges                 17.76        20        27        31        31        35        37
Data Card                         0.28       0.5       0.5       0.5       0.5       0.5       0.5
AMC Computer                     14.00      14.7      15.7      21.2      21.2      21.2      26.2
Sub Total                       122.75     126.7     153.3    169.15    171.15     185.3     198.3
Operational Expense
Telephone
Land line                         1.98         3       2.5         3         3         3         3
Mobile                            1.23         3       2.5         3         3       3.5       3.5
AMC EPABX                         0.39         1         4         1         1         1         1
Sub Total                         3.60         7         9         7         7       7.5       7.5
Total                           126.35     133.7     162.3    176.15    178.15     192.8     205.8
6 License Management Policy
Purpose
To comply with applicable software licensing regulations.
To monitor usage of software licenses
Scope
This process applies to procured software, evaluation software, software on loan from
Industry partners and freeware.
Policy Statement
The policy explicitly states that IIITB shall use only licensed and approved software and follow
policies and procedures outlined below.
Policy
Software in IIITB will be duly licensed for use as per legal compliances and regulatory
directives. IIITB's office of Director & the IT department will be solely responsible for
acquiring and managing licenses in IIITB.
Evaluation software will be used as per the terms and conditions of the software.
Software on loan from Industry Partners shall be used as per the terms and conditions
specified.
Freeware shall be permitted for use provided it is authorized by the IT department.
Students & Staff will be held responsible for any unlicensed software found on their
machines. Any of the users using unauthorized software may be liable for disciplinary,
corrective, or penal action.
Evaluation Software
Evaluation software is acquired to assess the functionality and relevance of such software to
either a specific task/project or the institution as a whole. Such software may be acquired on
physical media, or downloaded from the Internet.
Cadence
DOCKER
KALI
XILINX
GAUSSIAN
Uptrends
OS tickets
ZenOs
Responsibility
The responsibility of license management rests with the ISO, system/network administrators.
Maintaining the sanctity of license is the responsibility of end users including faculty, staff &
students.
Enforcement
The enforcement of this policy depends on how the software master lists are maintained and
updated. The process flow outlined with regard to the software request form has to be strictly
adhered to.
Any Student/Staff found to have violated this policy may be subject to disciplinary action.
Procedures
The different steps involved in managing such software are as follows:
Physical Media
The process involves the following steps:
The IT staff shall receive and pass on the media to the designated inventory personnel, who
will update the Software Master List, Media Management System database and automated
licensing tool with the necessary details such as name of software, number of licenses,
date of receipt, duration of validity etc.
A sample Software Master List is available in the Annexure.
The designated inventory personnel shall inform the concerned department head/Professor
about the receipt of the software.
The department head/Professor will request the helpdesk/IT team to install the software
via the ‘Software Installation Request’ form.
IT team will check for viruses and will install the software on the specified machine(s) as
per the steps outlined in the Chapter on Desktop Management under the section “IT
Support”.
Once the installation is done, the media will be returned to the designated inventory
personnel, who will update the Software Master List likewise.
When the evaluation period of the software is due for expiry, the designated inventory
personnel shall inform the concerned department head/Professor, who in turn will inform
the Helpdesk/IT team about the same.
The Helpdesk/IT team will uninstall the software unless the concerned department
head/Professor obtains formal extension for the evaluation period. The designated
inventory personnel will update the Software Master List to reflect the same.
Even in cases where IIITB Staff & students bring in the media, all the above-mentioned
steps will apply as well.
Downloads
To obtain evaluation software through download the process involves the following steps:
The requestor shall fill in the ‘Software Download Request’ form and obtain approval
from the corresponding department head; the request will in turn be submitted to
the Helpdesk/IT department. All such ‘Software Download Request’ forms will be kept with the
Helpdesk/IT department. In case of a repeat request for the
same software, the Helpdesk/IT department will refer to these forms.
Helpdesk/IT department will then download the specified software as per the ‘Software
Download Request’ form, which is available with Helpdesk.
Helpdesk/IT department will then download the specified software as per the ‘Software
Download Request’ form, which is available with Helpdesk/IT department.
The Helpdesk/IT department will inform the designated inventory personnel who will
update the Software Master List and automated licensing tool to reflect the same.
Procured Software
Procured software is software that is purchased by the institution for its use. This is categorized
into two, namely:
1. Standard software
2. Project specific software
Standard software
Standard software is the specific software that IIITB provides to all staff and students for their
day-to-day work. A list of standard software is to be maintained by the IT department.
The different steps involved in the license management of such software are as follows:
Software licenses may or may not be accompanied by media. If the software is
accompanied with media, Admin will receive and pass on the software to the Inventory
Officer. Subsequently the Inventory Officer will update the Software master list. The IT
department will check the media for viruses.
The Inventory Officer shall also update the Software Master List with the necessary details
such as name of software, number of licenses, date of receipt, etc.
When software has to be installed on a machine, the department head will direct the IT
department to install the software on the specified machine(s).
Once the installation is done, the media will be returned to the Inventory officer, who will
update the Software Master List.
1. Microsoft Campus License
Sr. No.  Description                                                   FTE Count
1        Microsoft Campus - OVS Education Solution Desktop Edu ALNG    40
         Lic/SAPk OLV E 1Y (consists of Windows 10 Updg, MS Office
         Prof 2013, Windows CAL, Exchange CAL, SCCM CAL, Sharepoint
         CAL, Lync std CAL, Forefront EPP)
2        WinSvrStd ALNG LicSAPk OLV E 1Y Acdmc AP 2Proc                1
3        SQLCAL ALNG LicSAPk OLV E 1Y Acdmc Ent DvcCAL                 40
4        SQLSvrStd ALNG LicSAPk OLV E 1Y Acdmc AP                      1
5        Visual Studio ProwMSDN ALNG LicSAPk OLV E 1Y Acdmc AP         5
Standard Software
7        McAfee Antivirus for Campus (1001 Users)                      1001
8        MOODLE (COURSE MANAGEMENT SOFTWARE)                           1
9        HP Data Protector and Synology Backup software                1
2. Project and Tools Specific Software:
1. Cadence Software 10 users license
2. Matlab Software 10 users License
3. Library software Libsys
4. VMWARE
5. IEEE
6. ARUBA CLEAR PASS AND AIRWAVE
7. TALLY ERP 9
8. SSL certificate for Website and Domain registration
9. Academia ERP
10. Relyon
11. Koha opensource
7 Backup & Recovery Policy
Purpose
This policy defines a set of guidelines related to the backup and recovery of
IIITB’s information and computing resources.
Scope
This policy applies to:
The Network and Systems Administrators in charge of IIITB information
and computing resources.
All other IIITB staff, students, innovation center, contractors, consultants, temporaries and
other workers at IIITB, including all personnel affiliated with third parties.
All IIITB information and computing resources, which include, but are not limited to, academic data,
related application systems and operating systems software, desktop computers, server and
core database storage, network devices, security devices, mobile computing devices, etc.
Policy
Backup and Recovery
Back-up copies of essential academic data and software shall be taken regularly by the System
administrator and shall reflect the needs of the academic/research and also any legal and
regulatory requirements. In his absence, another person designated by the datacenter
administrator shall take the backup.
Adequate back-up facilities shall be provided to ensure that all essential
academic/research data and software could be recovered following a computer disaster
or media failure.
A formal documented backup plan and schedule shall be authorized by the IT and IS
Manager and shall be implemented and followed by the System administrator.
The criticality, backup and frequency of backup of the information with respect to the
applications managed by the IIITB network shall follow the Backup plan. A monthly review
of the Backup plan shall also be conducted.
The IT and IS Manager shall formally intimate the System administrator about any new
applications and its data to be backed up. Similarly, the System administrator shall be
informed about discontinuing the backup of the applications systems no longer in use at
IIITB.
Desktop, laptop and hand held computers are not backed up by the system administrator.
IIITB Staff and students who use laptops or hand held computers shall ensure that these
are regularly backed up using external media such as floppy disks, CDs.
System Administrator shall be responsible for full back up, archiving and restoration of all
servers as nominated and listed as Core systems by the IT & IS Manager. The network
provided Home directories shall be backed up each night for "differential changes" and a
full system back up once per week. This shall include at a minimum:
a) Servers
b) Databases
System/Network administrator shall be responsible for full backup, archiving, and
restoration of all the router configuration files and firewall rule bases.
Backup Controls
At least three generations of back-up data shall be retained for important applications.
System administrator shall establish and formally document an appropriate schedule of
full and incremental backups.
A minimum level of back-up information, together with accurate and complete records of
the back-up copies, shall be stored in a remote location, at a sufficient distance to escape
any damage from a disaster at the main site.
Back-up data shall be given a level of physical and environmental protection, consistent
with the standards applied at the main site. The controls applied to media at the main site
shall be extended to cover the back-up site.
Backup data shall be regularly checked, to ensure that they could be relied upon in an
emergency.
Data shall be retained for the period necessary to satisfy both business and legislative
requirements. Data owners shall identify the retention period for essential academic data,
and shall establish any requirement for archive copies to be retained.
Backup Media and Security
The storage media used for the archiving of information must be appropriate to its
expected longevity.
The format in which the data is stored must be carefully considered, especially where
proprietary formats are involved.
It shall be ensured by System administrator that the media is regularly examined as per
the media vendor recommendations. The backup media shall also be replaced as per the
vendor recommendation on number of rewrites.
The backup media shall be appropriately labelled and numbered.
Backup media shall be controlled and physically protected. Appropriate operating
procedures shall be established to protect tapes, disks, data cassettes, input/output data
and system documentation from damage, theft, unauthorized access and virus attacks as
appropriate.
There shall be clearly documented procedures for the management of removable
computer media, such as tapes, disks, cassettes and printed reports.
Media containing unclassified but sensitive material shall be distributed through normal
channels. Media containing unencrypted, classified information shall be delivered through
approved safe hand channels only. A formal record of the authorized recipients of media
containing classified information shall be kept and receipt notification requested.
Media shall not be removed from the department without written authorization. An audit
record of all such removals shall be maintained.
All media shall be stored in a safe, secure environment, and in accordance with the
manufacturers' specifications.
Media no longer required and planned for release or disposal from the department shall
be purged in an approved manner before release. Media holding up to and including
CONFIDENTIAL information shall be overwritten with an approved utility; media having
held higher-grade information shall be destroyed.
Storage of backup
On-site data backup shall be maintained in safe custody, preferably outside the server
room and in a fireproof cabinet. The key to the cabinet shall be available only with the
System Administrator and the duplicate shall be kept with IT & IS Manager for emergency
use.
Off-site data backup shall be maintained at a location identified as ‘off-site’ by the IT & IS
Manager. Every two weeks, the backup media is moved to and from the off-site location; it
shall be carried in a sealed and tamper-proof envelope or pouch.
Backup logs
The backup logs maintained by the Systems Administrator should either be manual
registers or the reports generated by the system, which should be printed, and hard copies
maintained.
Systems Administrator should also maintain the backup movement logs for the backups
at off-site location.
Backup Restoration
The user should make an application to their Department Head (stating the reasons for
restoration) for approval of restoration of data. Department Head should ensure that the
user has the right to access the data required for restoration prior to granting the approval.
Upon receiving the authorization, the data should be restored by the Systems
Administrator.
A log has to be maintained by the Systems Administrator which should contain date and
time along with name and signature of the person who required / requested for the
restored data. Log should also include number of backup media used for restoration.
All the backup media, which were used for restoration, should be returned to the offsite
location after the restoration is complete in a sealed and tamper proof envelope.
Restoration testing
To verify the readability of backup media, mock restoration tests should be carried out at
least once in 2 months on the Testing server.
The entire process should be documented detailing the test plan, the procedures executed
and the test results.
All the backup media, which were used for restoration, should be returned to the offsite
location after the restoration is complete in a sealed and tamper proof envelope.
It should be ensured that the restored data is deleted after successful completion of
testing.
Responsibility
Sr. IT & IS Manager is responsible for
Designating personnel responsible for backup operations
Authorization of a documented backup plan.
Deciding on the criticality, backup and frequency of information and application backup
Identification of ‘offsite’ for backup tapes.
System/network Administrator is responsible for
Taking Back-up copies of essential business data and software
Implementing the formally documented backup plan
Establishing and formally documenting an appropriate schedule of full and incremental
backups.
Backup, archiving and restoration of all servers
Full backup, archiving, and restoration of all the router configuration files and firewall rule
bases
Backup Media and Security
Maintaining the backup logs
Storage of backup
Request Forms
Restoration Request & Details Form
Request for restoration of backup
Name of the user:
Date
Department:
Signature of the user:
Reasons for restoration:
Name of the system and data to be restored:
Authorized by and remarks:
Restoration details:
Date & Time | Backup media used | On-site/Off-site | Performed by | User’s sign-off | Backup returned on
Backup Register
Date | Time | Particulars | Size | Media | Label | Performed by | Remarks
Note:
Particulars: reflect details regarding servers, directories and files backed up
Media: denotes the various types of backup devices used such as DAT tapes, floppy diskettes,
DLT tapes, CDs, client PC hard disk, mirroring server, hot sites etc.
Label: shows the name label and number of the backup media used e.g. ‘Friday -1’.
Off-site Backup Movement Register
Date | Time | Backup media | From | To | Performed by | Remarks
8 Password Policy
Purpose
Passwords are an important aspect of IIITB’s IT security. They are the front line of protection
for user accounts. A poorly chosen password may result in the compromise of IIITB’s entire
enterprise network and information assets. As such, all IIITB’s Staff & Students (including
contractors and vendors with access to IIITB systems & resources) are responsible for taking
the appropriate steps, as outlined below, to select and secure their passwords. This
document states the password policy for user/logon IDs on IIITB’s domain.
To gain the access to the resources in IIITB’s Network, users need to logon to IIITB
environment/domain. Based on user's role and profile, access to certain resources has been
provided.
The purpose of this policy is to establish a standard for creation of strong passwords, the
protection of those passwords, and the frequency of change.
Scope
The scope of this policy includes all personnel who have or are responsible for an account (or
any form of access that supports or requires a password) on any system, be it a desktop,
laptop, server, network or security device, that resides at any IIITB facility, has access to
the IIITB network, or stores any non-public IIITB information. This includes users on Windows
or UNIX/Linux platforms (multiplatform environment).
Policy Statement
The Policy states that, the information assets of IIITB would not be compromised because of
weak passwords in systems and infrastructure devices which host it.
To provide a mechanism to maximize the security of information stored on IIITB’s IT
infrastructure through the appropriate use of passwords.
Passwords are assigned to each individual as a method to control and monitor their unique
access to systems and information, and should never be shared with others.
Policy
As a policy – all logon IDs in IIITB’s domain should have password as per the following
details
Length of password: The password should be of minimum eight alphanumeric
characters. Password selected should be case sensitive.
Characters in Password: Should contain both upper and lower case characters (e.g., a-z, A-Z)
Content of password: Should have digits and punctuation characters as well as letters
(e.g., 0-9, @#$%^&*()_+|~- =\`{}[]:";'<>?,./)
Password History: Previous five passwords cannot be repeated. This means users
cannot use the last five passwords.
Maximum Password Age: Password expires 90 days after it was last changed. A warning
message is given after 70 days. Users can also change the password at their wish before
the 90 days are over.
Minimum Password Age: Once the user changes the password, he/she should not be
able to change the password within 1 day.
Account Lockout: Account will get locked after 3 Invalid logon attempts. This is to
prevent any other user trying for your password for long.
Passwords shall not be displayed in any environment (including on office walls, desks
and workstations) at any time, including during sign-on procedures.
Compromised passwords, or those suspected of being compromised, shall be
immediately changed.
Passwords stored in computer files and/or documentation shall be encrypted.
Password reset will be done by IT Team on request, if user forgot the password or user
does not remember the password.
User is responsible for all actions and functions performed by his/her account.
Responsibility
All students and Staff are responsible for strictly adhering to the policy guidelines mentioned.
Enforcement
Any Student/Staff found to have violated this policy may be subject to disciplinary action.
Procedures
Strong Password Characteristics: Passwords are used for various purposes at IIITB. Some of
the more common uses include user-level accounts, web accounts, email accounts, screen
saver protection, voicemail passwords, and local router logins. Everyone should be aware of
how to select strong passwords.
Are not a word in any language, slang, dialect, jargon, etc
Are not based on personal information, names of family, etc.
Passwords should never be written down or stored on-line. Try to create passwords that
can be easily remembered. One way to do this is create a password based on a song title,
affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To
Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other
variation.
NOTE: Do not use either of these examples as passwords!
Do not use the same password for IIITB’s accounts as for other non-IIITB access (e.g.,
personal ISP account, Internet mail services, net-Banking etc.). Where possible, don't use
the same password for various IIITB access needs. For example, select one password for
the Personal use and a separate password for IT systems. Also, select a separate password
to be used for an NT account and a UNIX account.
Do not share IIITB passwords with anyone, including administrative assistants or
secretaries. All passwords are to be treated as sensitive, Confidential IIITB information.
General Password Construction Guidelines:
All system-level passwords (e.g., root, enable, Domain Admin, application administration
accounts, etc.) must be changed on at least a quarterly basis.
All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at
least every 60 days.
Passwords must not be inserted into email messages or other forms of electronic
communication
Where SNMP is used, the community strings must be defined as something other than the
standard defaults of "public," "private" and "system" and must be different from the
passwords used to log in interactively. A keyed hash must be used where available (e.g.,
SNMPv2).
All user-level and system-level passwords must conform to the guidelines described above
Here is a list of "don’ts":
Don't reveal a password over the phone to ANYONE
Should not be a word found in a dictionary (English or foreign)
Should not be a common usage word such as
Names of family, pets, friends, co-workers, fantasy characters, etc.
Computer terms and names, commands, sites, companies, hardware, software.
The words “IIITB”, “International Institute of Information Technology Bangalore”,
“Welcome” or any derivation
Birthdays and other personal information such as addresses and phone numbers.
Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Any of the above spelled backwards.
Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
Don't reveal a password in an email message
Don't talk about a password in front of others
Don't hint at the format of a password (e.g., "my family name")
Don't reveal a password on questionnaires or any forum.
Don't reveal a password to the boss
Don't share a password with family members
Don't reveal a password to co-workers while on vacation
Do not use the "Remember Password" feature of applications (e.g., IE, Chrome, Firefox,
Outlook, etc.).
Again, do not write passwords down and store them anywhere in your work area. Do not
store passwords in a file on ANY computer system (including Palm top or similar devices)
without encryption.
“Do’s”
Change passwords frequently as per the policy.
If an account or password is suspected to have been compromised, report the incident to
Helpdesk/IT department and change all passwords.
The IIITB IT department may perform password cracking or guessing on a periodic or random
basis. If a password is guessed or cracked during one of these scans, the user will be
required to change it.
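The domain settings listed under "Policy" (length, character classes, history of five, 90/70/1-day ages, lockout after 3 attempts) and the word-based "don'ts" can be expressed as one checker. This is an added example, not IIITB's tooling: the banned-word list is a constructed sample, and storing history as salted PBKDF2 digests and stripping punctuation as well as digits around a banned word are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Values taken from the policy text.
MIN_LENGTH = 8
HISTORY_DEPTH = 5
MAX_AGE = timedelta(days=90)
WARN_AGE = timedelta(days=70)
MIN_AGE = timedelta(days=1)
LOCKOUT_THRESHOLD = 3

# Assumptions of this example, not stated in the policy.
PBKDF2_ITERATIONS = 100_000
BANNED_WORDS = {"iiitb", "welcome", "secret", "password", "qwerty"}  # constructed sample


@dataclass
class Account:
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, digest), newest last
    last_changed: Optional[datetime] = None
    failed_attempts: int = 0
    locked: bool = False


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _matches(password: str, entry: Tuple[bytes, bytes]) -> bool:
    salt, stored = entry
    return hmac.compare_digest(_digest(password, salt), stored)


def complexity_violations(password: str) -> List[str]:
    """Return the construction rules a candidate password breaks."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("length")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        found.append("case")
    if not any(c.isdigit() for c in password):
        found.append("digit")
    if not any(c in string.punctuation for c in password):
        found.append("punctuation")
    # "Any of the above spelled backwards" / "preceded or followed by a digit":
    # strip decoration from both ends, then compare forwards and reversed.
    core = password.lower().strip(string.digits + string.punctuation)
    if core in BANNED_WORDS or core[::-1] in BANNED_WORDS:
        found.append("banned-word")
    return found


def change_password(account: Account, new_password: str, now: datetime) -> List[str]:
    """Apply a change if it passes every rule; otherwise return the violations."""
    found = complexity_violations(new_password)
    if account.last_changed is not None and now - account.last_changed < MIN_AGE:
        found.append("min-age")
    if any(_matches(new_password, entry) for entry in account.history):
        found.append("history")
    if found:
        return found
    salt = os.urandom(16)
    account.history.append((salt, _digest(new_password, salt)))
    del account.history[:-HISTORY_DEPTH]  # keep only the last five digests
    account.last_changed = now
    return []


def expiry_status(account: Account, now: datetime) -> str:
    """'ok', 'warn' (70 days or more) or 'expired' (90 days or more, or never set)."""
    if account.last_changed is None:
        return "expired"
    age = now - account.last_changed
    if age >= MAX_AGE:
        return "expired"
    return "warn" if age >= WARN_AGE else "ok"


def attempt_logon(account: Account, password: str) -> str:
    """'ok', 'invalid' or 'locked'; the account locks on the third invalid attempt."""
    if account.locked:
        return "locked"
    if account.history and _matches(password, account.history[-1]):
        account.failed_attempts = 0
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= LOCKOUT_THRESHOLD:
        account.locked = True
    return "invalid"
```

Once locked, the account rejects even the correct password until it is unlocked out of band, which matches the helpdesk unlock process the policy describes.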
Password Change Process:
Users will be able to change the password at any point of time using the below mentioned
methods:
Windows Specific
LAN users: From Windows 2000 professional/Windows XP press Ctrl+Alt+Del and click Change
password.
Remote users: Users can change the password through web mail. While you are on web
mail, go to “Options” and click “Change password” (or contact Sysadmin for support). Users are
requested to use the above-mentioned methods in case of password expiry.
Password Reset Process:
On user request, the following details will be verified before the Helpdesk/IT department changes
the password of the user. (In case the user is not directly present in front of IT personnel, send
mail from your personal mail with some of the ID proof details mentioned below for a genuine-user
check.)
Full Name / NT alias name
Student/Staff ID / DOB
Student Roll number
Any random questions to check he is valid user like Domain LoginID etc.
Blood Group
Mobile or Residence number
Only if the Helpdesk/IT Department confirms the authenticity of the user the password will be
changed and passed on by Phone. Once the password is changed, every user will be forced to
change password at next logon.
Account Lockout process:
As per the policy the Account will get locked after 3 Invalid logon attempts. This is to prevent
any other user trying for your password for long.
However, the user can request the Helpdesk/IT department to unlock the account.
On user request, the following details will be verified before the Helpdesk/IT department unlocks
the account of the user (in case the user is not directly present in front of the Helpdesk):
Full Name / alias name
Student/Staff ID / DOB
Any random questions to check he is valid user like Domain LoginID etc.
His Roll number
Mobile or Residence number
Only if the Helpdesk/IT Department confirms the authenticity of the user the account will be
unlocked and intimated to the user.
9 Internet & Intranet Security Policy
Purpose
The purpose of this policy is to establish management direction to procedures and
requirements to ensure appropriate protection of IIITB’s information and equipment by
Internet & Intranet connections.
Scope
This policy applies to all faculty, staff, students, employees, incubation companies’ staff,
contractors, consultants, temporaries, and other users at IIITB's Network, including those users
affiliated with third parties who access IIITB’s computer networks. Throughout this policy, the
word "users" will be used to collectively refer to all such individuals in general. The policy also
applies to all computer and data communication systems owned by and/or administered by
IIITB.
Policy Statement
All information travelling over IIITB's computer networks that has not been specifically
identified as the property of other parties will be treated as though it’s an IIITB asset. It is the
policy of IIITB to prohibit unauthorized access, disclosure, duplication, modification, diversion,
destruction, loss, misuse, or theft of this information.
In addition, it is the policy to protect information belonging to third parties that has been
entrusted to IIITB in confidence as well as in accordance with applicable contracts and industry
standards.
To ensure compliance with applicable statutes, regulations, and mandates regarding the
management of information resources.
To establish prudent and acceptable practices regarding the use of the Internet.
To educate individuals who may use the Internet, the Intranet, or both with respect to their
responsibilities associated with such use.
Unless specifically stated otherwise, all statements and policies will apply to both the
Intranet and the Internet.
Policy
The new resources, new services, and interconnectivity available via the Internet all introduce
new opportunities and new risks. This policy describes IIITB’s official policy regarding Internet
security and addresses the risk aspect.
Internet Access Restrictions
IIITB IT department reserves the right to exclude from Internet access to those services
that have no reasonable relationship to the functioning of IIITB.
The Internet usage timings shall be strictly controlled.
Internet Rules of Behaviour
Using IIITB Internet facilities or equipment to make abusive, unethical or "inappropriate" use
of the Internet shall not be acceptable. Examples of inappropriate employee Internet use
include, but are not limited to, the following:
Conducting or participating in illegal activities like gambling
Accessing or downloading pornographic material
Solicitations for any purpose which are not expressly approved by institution management
Revealing or publicizing proprietary or confidential information
Representing personal opinions as those of the institution
Making or posting indecent remarks
"Flaming" (e.g. malicious written attacks directed at someone) or similar written attacks
Uploading or downloading commercial software in violation of its copyright
Uploading or mailing of company’s confidential documents
without the permission/authorization of the concerned parties.
Downloading any software or electronic files without reasonable virus protection measures
in place
Intentionally interfering with the normal operation of any other organization's Internet
gateway
Prohibitions on User Internet Activities
To prevent any appearance of inappropriate conduct on the Internet and to reduce risk
exposures to the organization, users shall not:
Enter into contractual agreements via the Internet; e.g. enter into binding contracts on
behalf of the institution over the Internet
Use the institution logos or the institution materials in any web page or Internet posting
unless it has been approved, in advance, by the institution management
Use software files, images, or other information downloaded from the Internet that has
not been released for free public use
Introduce material considered indecent, offensive, or is related to the production, use,
storage, or transmission of sexually explicit or offensive items on the institution network
or systems
Attempt to gain illegal access to remote systems on the Internet
Attempt to inappropriately telnet to or port scan remote systems on the Internet
Use or possess Internet scanning or security vulnerability assessment tools
Post material in violation of copyright law
Establish Internet or other external network connections that could allow other
organisation users to gain access into IIITB’s systems and information assets
Authentication Required for Internet Access to IIITB’s Systems
All users wishing to establish a trusted connection via the Internet with the IIITB’s systems shall
authenticate themselves at the existing authentication mechanism before gaining access to
the institution's internal network. (Currently, each device user is provided MAC-based
authentication by Aruba ClearPass.)
All Internet/Intranet users are expected to be familiar with and comply with these policies. Any
queries in this regard should be directed to the Head of IT. Violations of these policies can
lead to revocation of system privileges and/or disciplinary action.
Responsibility
Management Responsibility:
Management of IIITB is responsible for:
Enforcing the policy
Conducting user awareness sessions.
User Responsibility:
Users of IIITB’s Network Internet connections must:
Know and apply the appropriate IIITB Network policies and practices pertaining to Internet
security.
Not permit any unauthorized individual to obtain access to IIITB Network Internet
connections.
Not use or permit the use of any unauthorized device in connection with IIITB's Network
personal computers.
Not use IIITB Network Internet resources (software/hardware or data) for other than
authorized institution purposes.
Maintain exclusive control over and use of his/her password, and protect it from
inadvertent disclosure to others.
Select a password that bears no obvious relation to the user, the user's organizational
group, or the user's work project, and that is not easy to guess. Please refer to IIITB’s
Password Policy for details.
Ensure that data under his/her control and/or direction is properly safeguarded according
to its level of sensitivity.
Report to the IT Manager or IT Support staff for any incident that appears to compromise
the security of IIITB's Network information resources. These include missing data, virus
infestations, and unexplained transactions.
Access only the data and automated functions for which he/she is authorized in the course
of normal business activity.
Obtain course supervisor authorization for any uploading or downloading of information
to or from IIITB Network multi-user information systems if this activity is outside the scope
of normal learning activities.
Make backups of all sensitive, critical, and valuable data files as often as is deemed
necessary.
Enforcement
Violations of these policies can lead to revocation of system privileges and/or disciplinary
action.
Procedures
Information Movement
All software downloaded from non-IIITB Network sources via the Internet must be screened
with virus detection software prior to being opened or run. Whenever the provider of the
software is not trusted, downloaded software should be tested on a stand-alone (not
connected to the network) non-production machine. If this software contains a virus, worm,
or Trojan horse, then the damage will be restricted to the involved machine.
All information taken off the Internet should be considered suspect until confirmed by
separate information from another source. There is no quality control process on the Internet,
and a considerable amount of its information is outdated or inaccurate.
It is also relatively easy to spoof another user on the Internet. Likewise, contacts made over
the Internet should not be trusted with IIITB's information unless a due diligence process has
first been performed. This due diligence process applies to the release of any internal IIITB
information.
Users must not place IIITB’s material (software, internal memos, etc.) on any publicly accessible
Internet computer that supports anonymous file transfer protocol (FTP) or similar services,
unless the office of Director or the respective stake holder has first approved the posting of
these materials.
In more general terms, IIITB’s internal information should not be placed in any location, on
machines connected to IIITB's Networks, or on the Internet, unless the persons who have
access to that location have a legitimate need-to-know.
All publicly writable (common/public) directories on IIITB’s Internet-connected computers
will be reviewed and cleared periodically. This process is necessary to prevent the anonymous
exchange of information inconsistent with IIITB’s business.
Information Protection
Wiretapping and message interception is straightforward and frequently encountered on the
Internet. Accordingly, IIITB’s secret, proprietary, or private information must not be sent over
the Internet.
Unless specifically known to be in the public domain, source code must always be encrypted
before being sent over the Internet.
Credit card numbers, Debit card numbers, telephone calling card numbers, log in passwords,
and other parameters that can be used to gain access to goods or services must not be sent
over the Internet in readable form.
In keeping with the confidentiality agreements signed by all Faculty, Staff & Students, IIITB’s
research findings, software, documentation, and all other types of internal information must
not be sold or otherwise transferred to any non-IIITB party.
Exchanges of software and/or data between IIITB and any third party should not proceed
unless a written agreement has first been signed. Such an agreement must specify the terms
of the exchange, as well as the ways in which the software and/or data is to be handled and
protected.
IIITB strongly supports strict adherence to software vendors’ license agreements. When at
work, or when IIITB computing or networking resources are employed, copying of software in
a manner that is not consistent with the vendor's license is strictly forbidden.
Likewise, off-hours participation in pirate software bulletin boards and similar activities
represent a conflict of interest with IIITB's ethics, and are therefore prohibited. Similarly,
reproduction of words posted or otherwise available over the Internet must be done only with
the permission of the author/owner.
Expectation of Privacy
Students & Staff using IIITB's information systems and/or the Internet should realize that their
communications are not automatically protected from viewing by third parties.
At any time and without prior notice, management/IT Staff reserves the right to examine email,
personal file directories, and other information stored on computers. This examination assures
compliance with internal policies and supports the performance of internal investigations.
Resource Usage
IIITB's Network encourages Students & Staff to explore the Internet, but if this exploration is
for personal purposes, it should be done on personal, not on institution time. Likewise, games,
news groups, and other non-business activities must be performed on personal, not on
institution time.
Use of computing resources for these personal purposes is permissible so long as the
incremental cost of the usage is negligible, and so long as no business activity is pre-empted
by the personal use. Extended use of these resources requires prior written approval of the
respective stake holder.
Based on the usage pattern and status of Bandwidth, IIITB can implement web filtering of
certain sites. Such list will be published to the Staff & Students and will be updated on regular
basis.
Public Representations
Faculty, Students & Staff must not publicly disclose internal network information via the
Internet that may adversely affect IIITB’s credibility or public image unless the approval of the
Office of the Director or Head of IT has first been obtained.
Care must be taken to properly structure comments and questions posted to mailing lists,
public news groups, and related public postings on the Internet. If Faculty, Students & Staff
are not careful, they may let undesirable elements know that certain internal projects are
underway. If a Student/Staff is working on an unannounced product, a research and
development project, or related confidential matters, all related postings must be cleared by
one's Professor prior to being placed in a public spot on the Internet.
Reporting Security Problems
If sensitive IIITB's Network information is lost, disclosed to unauthorized parties, or suspected
of being lost or disclosed to unauthorized parties, the IT Team must be notified immediately.
If any unauthorized use of IIITB's information systems has taken place, or is suspected of taking
place, the IT team must likewise be notified immediately.
Similarly, whenever passwords or other system access control mechanisms are lost, stolen, or
disclosed, or are suspected of being lost, stolen, or disclosed, the IT team must be notified
immediately.
Because it may indicate a computer virus infection or similar security problem, all unusual
systems behavior, such as missing files, frequent system crashes, misrouted messages, and the
like must also be immediately reported. The specifics of security problems should not be
discussed widely but should instead be shared on a need-to-know basis.
10 Antivirus Policy
Purpose
This policy establishes information security requirements for the IIITB as well as for all affiliates
faculty, staff and students. This policy is to ensure that IIITB’s confidential information and
technologies are not compromised, and that production services and other IIITB interests are
protected from Viruses, Worms & Trojans.
This policy defines a set of guidelines to provide the IIITB’s computers and computer systems
with comprehensive protection against computer viruses and malicious code and the
responsibilities of IIITB’s network users in protecting the network and responding to a virus
threat to prevent major and widespread damage to user applications, files and hardware.
Scope
This document addresses policies and procedures related to the antivirus control for the IIITB
information assets. This policy is applicable to all the IIITB IT team. This is also applicable to all
the users of the IIITB network.
Policy Statement
The Policy states that all information assets of IIITB will be protected from malicious codes,
Viruses, worms and Trojans by way of effectively enforcing the antivirus policy of IIITB.
Policy
The anti-virus policy is designed to deal with the known viruses that the IIITB IT team is aware
of and also the zero-day vulnerabilities that may arise.
General Guidelines are:
Deployment and Configuration of anti-virus software
All computers of IIITB including servers, desktops & laptops shall have standard and
supported anti-virus software installed.
The virus scanner shall be scheduled to run to scan for viruses at regular intervals. The
scanning engines must be chosen to ensure defense in depth. Anti-virus controls must be
placed such that any foreign content entering the organization is scanned by at least two
different anti-virus technologies.
A Centralized antivirus server shall be deployed to check all the incoming and outgoing
traffic through Internet. The server shall be configured to verify against the virus signatures
for both incoming and outgoing data/files of Email/message, ftp and http servers.
Antivirus activities shall be centrally managed. Central monitoring and logging console
shall be deployed, to monitor the status of pattern updates on all the computers and to
log the activities performed on them.
The IT & IS Manager shall identify a person or a team that is responsible for creating
procedures that ensure anti-virus software is run at regular intervals, and computers are
verified as virus-free.
Maintenance/Updating of software
The anti-virus software scanning engine and the virus signature files shall be kept up-to-date.
The time taken to update the virus patterns shall be kept to a minimum. The time frame acceptable
for updating the new pattern file shall be maximum 8 hours after the release of the patch.
Periodic audit on all the users’ desktops and laptops shall be performed to ensure that
proper and latest version of virus engines and the definitions files are running and no virus
threat exists. The user himself shall ensure that the XYZ approved Antivirus software is
running on his working machine.
All servers must have real-time and “batch” scanning enabled.
Containment and Managing of virus incidents
In the event of a virus outbreak, System-admin or IT Staff shall initiate appropriate action
to contain virus infections and assist in their removal.
Virus-infected computers shall be removed from the network as soon as they are
identified, until they are verified as virus-free.
Software downloaded from electronic bulletin boards, shareware, public domain software,
the internet and other software from untrusted sources shall be prohibited unless prior
authorization is received from the IT Department.
A memory-resident virus protection program or a virus-scanning program shall be used
on all files downloaded from diskettes, tapes, CD ROMs, or electronic connections.
All hard disks serviced, or newly installed workstations (including portables) are scanned
for viruses before use.
Virus protection programs shall not be disabled.
All virus detection incidents shall be logged, along with the action taken; Quarantine,
Deletion or Successful cleaning.
Logs shall be maintained on the Centralized antivirus server, and Alerts shall be configured
to send warnings to the Incident Response Team and the originator of the email.
All backups shall be checked for viruses during backup schedule. All restorations shall be
checked for Viruses, before a restoration is made.
When critical vulnerabilities are announced for application software, the patches shall be
made quickly so that the window of exposure is very small. Application software shall
include at a minimum, Windows7 or Windows10, Outlook, Internet Explorer, etc.
Awareness and training
System Administrator shall maintain current knowledge and expertise on viruses and virus
protection. This shall be kept up to date through suitable staff training, awareness and
access to resources.
ISO/IT-Manager shall conduct a regular user awareness session for all staff on virus clean
systems.
Responses to a virus infection
Users must immediately call the Desktop Information Systems Help Desk/IT staff when
they believe a system has been infected. The Incident Response Team shall then be
contacted if required.
The following information shall be provided if known: virus name, extent of infection,
source of virus, and potential recipients of infected material.
The policy will cover the following areas:
Desktops
Servers
Emails
Firewalls
User awareness
For a detailed configuration and maintenance of the above mentioned devices refer to the
procedures.
Responsibility
IIITB IT Associates and users (faculty, Students & Staff) at individual location are responsible
for the implementation and execution of this policy. IT & IS Manager is responsible for the
monitoring of the successful implementation of policy. IT manager can initiate a revision in
the policy.
Enforcement
Any Student/Staff found to have violated this policy may be subject to disciplinary action. The
IT staff is also empowered to take the affected system/device out of the network
without any prior warning whatsoever.
Procedures
The policy procedures will cover in detail the procedures to be implemented in the IT
infrastructure of the IIITB to protect it against the virus threats.
The policy is designed to meet following types of viruses -
Boot track and partition table virus
Executable file virus
Multipartite, parasitic, stealth and polymorphic virus
Trojans and worms
Malicious code and self-updating malicious code
Desktop Policy and Procedure:
This policy and procedures are applicable to all the desktops that are installed in the IIITB
infrastructure. This is also applicable to all the partners or customers desktop/laptop that are
connected to the IIITB infrastructure on a temporary basis.
Antivirus Software:
IIITB approved antivirus software has to be installed on all the desktops that are connected
to IIITB infrastructure on a temporary or permanent basis. This is applicable to all the laptops
which are disbursed among the students and staff.
Antivirus Signature
The antivirus signature must be updated on all desktops automatically whenever the antivirus
signature is updated. In case of a virus outbreak, the desktops should be forced to update the
virus signature, and the IT team should ensure that every desktop in the IIITB infrastructure
has an updated virus signature.
Desktop Antivirus Configuration
All the desktops/laptops in the IIITB infrastructure should be configured as per the following
configuration –
Enable system real time protection.
Enable start-up scanning of memory, master/boot record, and system files.
Enable scanning of all the files in your system.
Logging should be enabled for all the desktop virus related activity.
Schedule a scan of the desktop daily.
All virus related security patches should be installed on all the desktops.
Set the attribute of wsock32.dll to read only.
Set the attribute of normal.dot to read only.
Enable the floppy to be scanned before use by the desktop.
Software will be installed only from approved internal server to limit exposure to
contaminated software.
Server Antivirus Policy
Servers are the centralized resource for all the staff & students and should be adequately
protected, since they can become a probable cause of the widespread propagation of viruses.
Following procedures have to be implemented on all the servers in IIITB infrastructure:
IIITB approved antivirus software for servers should be installed on all the servers.
Update the virus signature regularly.
Use centralized virus management for all the servers.
Email Antivirus Policy
Email is the common application used by the IIITB Faculty, Staff & Students and it is the most
common means of virus outbreak. The email policy describes the procedures to limit
virus outbreaks through email.
Configuration of Mail Server
The following policies are applicable to the Exchange server installed in IIITB:
• IIITB approved antivirus software for Exchange server should be installed on all the
Exchange servers.
• Antivirus software should be configured to scan all incoming and outgoing mail.
• The sender and recipient should be notified if a virus is found in the mail.
• Antivirus software should be configured to update the virus signature daily.
• In case of a virus outbreak from a particular user, the user should be disabled till the virus
is cured.
• The IT team should be able to rapidly adjust the filtering rules in case of a virus outbreak.
Configuration of Mail Client
The mail client should be configured properly to prevent a virus outbreak in the network.
Users use different mail clients for accessing mail. IIITB supports three mail clients: Outlook,
Outlook Express, Netscape, Webmail (OWA), and Thunderbird.
The following procedures are applicable to these clients only:
Outlook
• Set the Internet Explorer security setting in the Internet Zone to high.
• Disable ActiveX and active scripting.
Outlook Express
• Disable the open and/or preview panes.
• Set the Internet Explorer security setting in the Internet Zone to high.
Netscape
• Disable JavaScript.
Policies for all mail clients
All the mail clients should be configured to implement the following policies:
• Mail client should be configured for plain text only.
• Configure to challenge execution of all *.exe, *.hta, *.vbs and other executables.
• Configure to challenge opening of all *.doc and *.xls files. Turn off auto-open
attachment.
Firewall Security Policy
1. Introduction
1.1 Scope: This Policy establishes which services are allowed through our current firewall and
in which direction these services operate. We also attempt to define whether or not the
default is normally open or closed.
1.2. Definitions. A Firewall is a system (or network of systems) specially configured to control
traffic between two networks. A Firewall can range from a simple packet filter, to multiple
filters, dedicated proxy servers, logging computers, switches, hubs, routers and dedicated
servers. A gateway or host is a secured computer system that provides access to certain
applications. It cleans outgoing traffic, restricts incoming traffic and may also hide the
internal configuration from the outside.
1.3. Why Use a Firewall?
• Each external connection to the internal network should be secured so
that it does not reduce the security of the internal network. The
security of the network is only as secure as its weakest link.
• Every enterprise should have a firewall and/or security policy, and
connections to external networks should conform to that policy.
Normally, this is only possible through some kind of firewall.
• A firewall can stop confidential information from leaving a network
and attackers from entering it.
• It can provide detailed statistics on communication between the
networks (for example, who used what service and how often, as well
as showing details of performance and bottlenecks).
• It can provide logging and audit trails of communications; the analysis
of logs can be used to detect attacks and generate alarms.
• However, a strong firewall doesn't mean that the internal host security
is no longer needed - on the contrary, most successful attacks come
from insiders!
• Our policy is to take a widely used firewall solution and use it for all
external connections.
• Examples of technical threats addressed by firewalls include IP
spoofing, ICMP bombing, masquerading and attempts to gain access
to weakly configured internal machines.
• Examples of risks reduced by firewalls are attacks from curious and
malicious hackers, commercial espionage, accidental disclosure of
company data (i.e. customer, employee and corporate data) and
denial-of-service attacks.
2. Internet Firewall Policy
2.1. Security Requirements.
2.1.1. Access Control. All internet access from the Institute network
must pass through the firewall. The default configuration, unless
otherwise specified, is that services are forbidden. All users are allowed
to exchange emails in and out through the firewall. IT department
users are allowed to use www, ftp, https; others require authorisation.
2.1.2. Assurance. Firewall machines are to be installed as sensitive
hosts. All unnecessary services are to be stopped. Users should not be
able to log on directly to these machines, but only through the IT
department's machines. The firewall policy and configuration must be
accurately documented. The firewall machines must be subject to
regular monitoring and yearly audits. Users and Firewall
administrators should be aware of their responsibilities and be
educated so that they can assume these responsibilities.
2.1.3. Logging. Detailed logs must be kept (where possible on a separate server).
They should be automatically analysed, with critical errors generating alarms. Logs
should be archived for at least six months and up to one year. The non-trivial log
entries should be examined daily.
2.1.4. Availability. The firewall must offer high availability and fulfil the resilience
requirements (including backup/restore functions etc.). Processes exist for
change management and incident response.
2.2. Required Functionality.
2.2.1. Outgoing services. The following services are required from specific internal
hosts (e.g. via proxies) to the internet:
• SMTP, POP, IMAP, SSL, HTTPS, secure login through VPN, www (http),
SSH,
• DNS (resolve Internet names),
• News (NNTP),
• NTP (Network Time service),
• Office 365 port 587, 993,
• On-request ftp, telnet.
2.2.2. Incoming Services. The following Internet services need to be allowed in:
• Email: all users should be able to receive internet email
• News (NNTP)
• Secure Logins via VPN + SSH
• https
• RDP
• Institute IT Services IP Ranges.
Anyone requiring other internet services will need to ask the IT department for
authorisation. Access from the hosts to the internal network follows the same rules as
access to internet hosts and should always use VPN.
2.2.3. Special Services provided to the Internet. These include:
• www Servers (like LMS, Academia, Libsys, Cadence, Matlab etc.);
• Institute Guest, Events,
• Eventually a User ftp Server for special projects / collaboration with
other companies;
Internal Server access for specific remote access by third party Companies that
maintain internal systems (Website, Academic solutions, Microsoft mail support).
These are provided a specific location IP and sometimes an assigned port.
2.3. Monitoring. The Institute Computing department will continue to monitor, evaluate,
develop and, where applicable, incorporate new rules and checks into the firewall. The
Institute Computing department will also monitor the traffic going through the firewall, to
identify any threats or misuse of the network.
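One way to check a rule export against sections 2.1.1, 2.2.1 and 2.2.2 is sketched below. It is an added example, not IIITB's own tooling: the `Rule` format, the `audit` function, the sample rules and addresses are constructed, and the port numbers are the standard well-known ports for the services the policy names.

```python
from dataclasses import dataclass
from typing import Optional

# (protocol, port) pairs for the services named in 2.2.1 (outgoing).
# "SSL" and "secure login through VPN" name no single port on the page, so
# they are not mapped here; pass site-specific VPN ports through vpn_ports.
OUTBOUND = {
    ("tcp", 25): "SMTP", ("tcp", 110): "POP", ("tcp", 143): "IMAP",
    ("tcp", 443): "HTTPS", ("tcp", 80): "www (http)", ("tcp", 22): "SSH",
    ("tcp", 53): "DNS", ("udp", 53): "DNS", ("tcp", 119): "News (NNTP)",
    ("udp", 123): "NTP", ("tcp", 587): "Office 365", ("tcp", 993): "Office 365",
}
# 2.2.1: ftp and telnet are provided on request only.
ON_REQUEST = {("tcp", 21): "ftp", ("tcp", 23): "telnet"}
# 2.2.2 (incoming). "Institute IT Services IP Ranges" is address-based, not
# port-based, and is left out of this port check.
INBOUND = {
    ("tcp", 25): "Email", ("tcp", 119): "News (NNTP)", ("tcp", 22): "SSH",
    ("tcp", 443): "https", ("tcp", 3389): "RDP",
}


@dataclass(frozen=True)
class Rule:
    """One line of a hypothetical rule export (format assumed for this example)."""
    name: str
    direction: str                 # "in" or "out"
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    port: Optional[int]            # None means every port
    src: str = "any"
    ticket: Optional[str] = None   # IT department authorisation reference


def audit(rules, vpn_ports=frozenset()):
    """Return (rule name or direction, finding) pairs for policy deviations."""
    findings = []
    for direction, allowed in (("out", OUTBOUND), ("in", INBOUND)):
        scoped = [r for r in rules if r.direction == direction]
        # 2.1.1: services are forbidden unless specified, so each chain
        # must end in a rule that denies everything.
        last = scoped[-1] if scoped else None
        if not (last is not None and last.action == "deny"
                and last.proto == "any" and last.port is None):
            findings.append((direction, "no default-deny rule at end of chain"))
        for r in scoped:
            if r.action != "allow":
                continue
            key = (r.proto, r.port)
            if r.port is None:
                findings.append((r.name, "allows every port"))
            elif key in allowed or key in vpn_ports:
                # 2.2.1: outgoing services come from specific internal hosts.
                if direction == "out" and r.src == "any":
                    findings.append((r.name, "outbound service not tied to a specific internal host"))
            elif r.ticket:
                continue  # authorised exception, as 2.1.1 and 2.2.2 permit
            elif direction == "out" and key in ON_REQUEST:
                findings.append((r.name, ON_REQUEST[key] + " is on-request only and has no authorisation"))
            else:
                findings.append((r.name, "service not listed in policy and no authorisation"))
    return findings


# Constructed sample export; names, addresses and ticket are placeholders.
SAMPLE_RULES = [
    Rule("mail-relay-out", "out", "allow", "tcp", 25, src="10.0.0.25"),
    Rule("proxy-https", "out", "allow", "tcp", 443, src="10.0.0.8"),
    Rule("lab-dns", "out", "allow", "udp", 53, src="any"),
    Rule("vendor-ftp", "out", "allow", "tcp", 21, src="10.0.3.40", ticket="REQ-PLACEHOLDER"),
    Rule("old-telnet", "out", "allow", "tcp", 23, src="10.0.3.41"),
    Rule("deny-out", "out", "deny", "any", None),
    Rule("smtp-in", "in", "allow", "tcp", 25),
    Rule("rdp-in", "in", "allow", "tcp", 3389),
    Rule("mysql-in", "in", "allow", "tcp", 3306),
    Rule("temp-any", "in", "allow", "tcp", None),
]

if __name__ == "__main__":
    for where, problem in audit(SAMPLE_RULES):
        print(f"{where}: {problem}")
```

Running the audit on every documented configuration change gives the daily log review in 2.1.3 a baseline of what the firewall is expected to pass.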
Antivirus Policy
The firewall is the main entry point for all communication in the IIITB infrastructure. The firewall
should be configured as per the policy below to stop viruses at the gateway itself (this is
applicable only if the firewall application resides on an OS and the firewall is essentially not a device):
• IIITB approved antivirus software for the firewall should be installed.
• The firewall should be configured to scan all the HTTP, FTP and SMTP traffic through it.
• The firewall should be configured to block ActiveX controls.
Users Policy
Users should follow the policies below to restrict virus outbreaks in the network. Each user
is responsible for a virus outbreak due to his/her negligence.
• Users shouldn’t open attachments from unknown users.
• Users should not use IIITB infrastructure to send or receive mails containing attachments such as
jokes, greeting cards, fun attachments and sexually oriented attachments, as they are a
cause of virus infection.
• Users shouldn’t visit any pornographic sites, as these sites download certain programs
containing viruses.
• Users shouldn’t download any unknown programs.
User Awareness Policy
Users should be educated to understand the potential damage caused by viruses.
The following policies should be followed to educate the users:
• Educate users regarding the potential damage of email attachments. Apprise them to
open attachments only from known sources.
• The IT team should apprise the new user of the potential risks involved with the email
system and of the user's responsibility.
11 Physical Security
Purpose
This policy details the physical and environmental criteria necessary to protect sensitive IT
systems, information and assets of IIITB.
Scope
This policy applies to
• All IIITB Students, Faculty, Staff, Incubation staff, contractors, consultants, and other
workers at IIITB including all personnel affiliated with third parties.
• All IIITB information resources including academic data, applications and systems software,
physical buildings, critical business areas and equipment that is owned or leased, utilities
and services supporting IT.
The policy also includes utilities and services supporting information processing facilities.
Policy
General policies
Only authorized individuals shall have access to IIITB's physical information systems resources.
Physical information systems resources include, but are not limited to, computer rooms,
electronic mail facilities, communications wiring rooms ("smart closets"), network control areas
(LANs, application servers, file servers), technology centers, incubators and workstations.
IIITB information located in non-IIITB physical areas, such as employee residences, customer
sites and while travelling must also be protected.
No IIITB Students, Staff, contractor, consultant, or others performing on behalf of or for IIITB
is entitled to an expectation of privacy with respect to IIITB's information systems resources.
A personal workstation/laptop is an IIITB information systems resource and, as such, shall be
secured from loss, theft and accidental or unauthorized use or modification.
Personal computers/Laptops may not be used to develop programs or data, or to prepare
documents, for purposes unrelated to IIITB functioning, without prior authorization from the
appropriate stake holders.
Students, staff and non-affiliated visitors permitted within IIITB physical information systems
resource area shall display approved, visible identification (e.g., a badge) at all times.
Students, Staff and non-affiliates who are visiting IIITB physical information systems resource
area shall obtain permission from the necessary stake holder of the area to be visited and shall
log in and log out.
Logical and procedural measures shall be established to prevent and detect attempts to
disrupt IIITB operations, or to enter or depart from restricted areas in an unauthorized manner.
Response to attempted disruptions or any unauthorized system access shall be timely and
appropriate.
IT Team is committed to maintaining security with regard to all assets, including those that are
tangible, intangible, material, or information-oriented.
IT Team establishes goals and responsibilities for the protection of the IIITB’s information
assets as they relate to data (magnetic, image, text, and/or voice) and computer software
within internal systems. This includes the prevention of misuse or loss of information assets,
establishing the basis for audits and self-assessments, and preserving IIITB’s options and
legal remedies in the event of information asset loss or misuse.
All Faculty, Staff and Students or authorized agents of the IIITB are responsible for ensuring
the integrity and accuracy of the IIITB’s data; providing for the privacy of proprietary, trade
secret, personal, privileged, or otherwise sensitive data; and protecting and preserving
institution assets from misappropriation, misapplication, and conversion.
Head of the departments and other respective stake holders are responsible for identifying,
classifying, and protecting information and computer assets within their respective areas. The
IT Team should be notified immediately of any security breaches.
Access to the IIITB’s information assets is restricted to authorized individuals and should be
used only for authorized purposes. All data and applications stored on the IIITB’s systems shall
be considered the property of the institute unless specifically noted otherwise.
Access to systems shared by multiple users shall be controlled through unambiguous
identification of the individual or machine accessing the system. For example, unique user IDs
and passwords should be assigned to individuals.
All individuals shall employ reasonable measures to protect the integrity of their
communication sessions with other systems. For example, individuals should not disclose
passwords to others and users should not leave active communication sessions unattended.
Computing installations (servers, midrange, and microcomputer systems) and supporting
facilities shall be controlled in areas of restricted physical access when operation is considered
essential or when storing confidential or proprietary information.
Installation of proprietary and vendor software must be authorized through the IT department
to prevent system or licensing violations.
Controls for restricted software programs shall be established and enforced to prevent
unauthorized use, reproduction, and modification. Disk files and hard drives are subject to
inspection to ascertain that original documentation, system diskettes, and required licensing
material exist for each copy of software products found.
Access to the IIITB’s systems through remote connectivity is restricted and requires
authorization by the IT Team or other appropriate management.
Attempting to alter any computing or networking components (including, but not limited to,
IDF’s, Switches, routers, and Access Points) without authorization or beyond one's level of
authorization;
Unauthorized wiring, including attempts to create unauthorized network connections, or any
unauthorized extension or re-transmission of any computer or network services; intentionally
damaging or destroying the integrity of electronic information.
Intentionally disrupting the use of electronic networks or information systems.
Intentionally wasting human or electronic resources.
Negligence leading to the damage of IIITB’s electronic information, computing/networking
equipment and resources.
Keep storage media from view of unauthorized people; erase whiteboards, do not leave in
view on tabletop. Machines should be administered with security in mind. Protect from loss;
electronic information should have individual access controls where possible and appropriate.
Deposit outdated paper information in specially marked disposal bins on institute’s premises;
electronic data should be expunged/cleared. Reliably erase or physically destroy media.
Methods of accomplishing this include having a special key to unlock the computer so it can
be used, thereby ensuring that the computer cannot be simply rebooted to get around the
protection. If it is a laptop or other portable computer, never leave it alone in a conference
room etc. In the office, always use a lockdown cable. When leaving the office for the day,
secure the laptop and any other sensitive material in a locked drawer or cabinet.
Storage media should be labelled. i.e. the classification level should be written on documents,
media (tapes, diskettes, disks, CD's etc), electronic messages and files.
Data should stay within the company; if it must transit public media (e.g. the Internet), it should
be encrypted.
Storage Media should be securely disposed of when no longer needed (e.g. shredders for
documents, destruction of old disks and diskettes etc.).
Users are responsible for their Laptops outside the corporate buildings.
Switch off the computer when not in use.
Only system administrators should install or update software on servers. Users may not install
software on class workstations.
Systems should be cleanly installed according to vendor instructions.
OS installations should include installation of all recommended patches.
Only patches from the original software vendor should be applied. Patches downloaded from
public networks (e.g. Internet) should be checked for integrity using a strong hashing
mechanism (e.g. MD5 or latest). Patches should be pre-tested in a test environment (for at
least a few weeks if possible) before being applied to production systems.
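The integrity check on downloaded patches can be scripted as below. This is an added example, not IIITB's own procedure: it uses SHA-256 rather than MD5, because MD5 is no longer collision-resistant, and it assumes the vendor publishes digests in `sha256sum` format over a trusted channel; the function names, file names and payloads are constructed.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#"):
            continue  # blank line, comment or malformed entry
        digest, name = parts
        # sha256sum marks binary mode with a leading '*' on the file name.
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large patches do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_patch(path, manifest_text):
    """Return 'ok', 'mismatch', 'unlisted' or 'unsupported-digest'."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"              # vendor never published this file
    if len(expected) != 64 or not set(expected) <= HEX_DIGITS:
        return "unsupported-digest"    # e.g. a 32-character MD5 value
    actual = file_digest(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on constructed patch files and a constructed manifest."""
    payload = b"constructed patch payload\n"
    good = hashlib.sha256(payload).hexdigest()
    manifest = "\n".join([
        "# constructed vendor manifest, sha256sum format",
        good + "  patch-1.bin",
        good + "  patch-2.bin",
        "0" * 32 + "  patch-3.bin",    # MD5-length placeholder digest
    ])
    files = {
        "patch-1.bin": payload,                 # matches the manifest
        "patch-2.bin": payload + b"tampered",   # modified after publication
        "patch-3.bin": payload,                 # only a weak digest published
        "patch-4.bin": payload,                 # not in the manifest at all
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_patch(path, manifest)
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

Only files that return `ok` should move on to the test environment; a digest fetched from the same untrusted location as the patch proves nothing.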
The directives below apply to all the staff & Students of IIITB:
Diskettes should be stored out of sight when not in use. If they contain highly sensitive or
confidential data, they must be locked up.
Diskettes should be kept away from environmental hazards such as heat, direct sunlight,
and magnetic fields.
Critical computer equipment, e.g., file servers, must be protected by an uninterruptible
power supply (UPS).
Environmental hazards to hardware such as food, smoke, liquids, high or low humidity,
and extreme heat or cold should be avoided.
Since the IT team is responsible for all equipment installations, disconnections,
modifications, and relocations, employees are not to perform these activities. This does
not apply to temporary moves of portable computers for which an initial connection has
been set up by IT department.
Students & Staff shall not take shared portable equipment such as laptop computers
without the informed consent of their department head. Informed consent means that
the manager knows what equipment is leaving, what data is on it, and for what purpose it
will be used.
Staff & Students should exercise care to safeguard the valuable electronic equipment
assigned to them. Employees who neglect this duty may be accountable for any loss or
damage that may result.
Physical security of the institute can be segregated to various entities
Security at the Institute entrance: All visitors, including technology partners, vendors and
third party contractors, must sign in at the entrance with proper credentials, contact details,
purpose of the visit & whom to visit in a register or, if possible, the security guard can use technology
support to provide a Photo-ID. Only on confirmation by the person to be visited must the
visitor be allowed to enter the premises.
Access control to datacenters: The datacenter holds key and critical information resources
pertaining to IIITB and hence it’s paramount to safeguard those. The entry into the datacenter
should be regulated and only authorised personnel should be allowed access to the data
center. The movement of personnel can be regulated by way of installing access card
mechanisms or biometric systems.
Fire prevention and containment: Fire poses a major threat to the IT assets of IIITB; it is imperative
that fire prevention and detection mechanisms are installed all over the IIITB facility. The data
center in particular should have a combination of manual and automatic fire extinguishing
systems that complement the water sprinklers, which are redundant in the event of a “class
C” fire.
The physical security policies apply to the following:
SECURE AREAS
Physical security perimeter
Physical Entry Controls
Securing Facilities, Rooms and Offices
Workspace Security Measures
Isolated delivery and loading areas
EQUIPMENT SECURITY
Equipment siting and protection
Power supplies
Cabling Security
Equipment Maintenance
Security of equipment off-premises
Secure Disposal of Equipment
For a detailed description of the above, refer to the Procedures section.
Responsibility
IIITB IT staff at individual locations are responsible for the implementation and execution of
this policy. The IT & IS Manager is responsible for monitoring the successful implementation
of the policy.
Enforcement
All the parties mentioned in the policy have to strictly abide by the policy. If anyone is found
violating the policy, strict disciplinary action would be taken, to the extent of denying entry to the
premises.
Procedures
Security at the Institute entrance: All visitors, including technology partners, vendors and
third party contractors, must sign in at the entrance with proper credentials, contact details,
purpose of the visit & whom to visit. Only on confirmation by the person to be visited must
the visitor be allowed to enter the premises. The entry log should contain the following:
Sl no | Visitor name with contact details | Whom to visit | Purpose | Time in / Time out
Access control to datacenters: The datacenter holds key and critical information resources
pertaining to IIITB and hence it’s paramount to safeguard those. The entry into the datacenter
should be regulated and only authorised personnel should be allowed access to the data
center. The movement of personnel can be regulated by way of installing access card
mechanisms or biometric systems. The datacenter should maintain a sign-in record for all
visitors. The sign-in record template should be as follows:
Sl no | Name | Purpose | Sign in / Sign out time
Physical security perimeter
IIITB premises are enclosed by a wall/fence and all gates are guarded by security guards. All
important areas like entry/exit points, reception areas, areas behind the buildings and along
the periphery are under CCTV coverage.
Physical information processing resources like servers, workstations, etc that support key
business processes shall be housed in a secure area that reasonably protects the resources
from unauthorized physical access, fire, flooding, explosions, and other forms of natural or
man-made disaster.
IT Manager/ISO, responsible for sensitive information or for information processing resources,
shall periodically perform a self-assessment to determine the existing level of security
vulnerability and compliance with the physical security requirements.
Physical access to the secure areas housing information systems and networks shall be
restricted only to authorized personnel. The authorization shall be provided by the ISO.
Access rights shall be reviewed by the ISO on a periodic basis. All access shall be recorded and
reviewed by the IT manager/ISO.
Physical Entry Controls
Suitable Authentication controls, like biometric access system/access card system, shall be
used to authorize and validate all access.
An audit trail of all access shall be securely maintained and reviewed regularly.
Security personnel shall supervise all visitors to computer facilities at all times whilst in the
room. All visitors, short-term contractors and third party engineers etc., even if authorized,
shall be accompanied at all times. A visitor log shall be kept and reviewed regularly.
All the Students & Staff, housekeeping staff, contractors, and visitors shall wear and display
identification badges (ID badges) provided by the IIITB while on office premises and for
entering and exiting office premises. This is applicable on all days of the year. Staff shall be
encouraged to challenge strangers and report their presence to local physical security
personnel.
The housekeeping staff are not permitted to enter the premises before 7.30 AM and are
expected to leave before 5.30 PM.
Visitors are allowed to enter the premises only after confirmation of appointment from the
concerned person.
Visitors are not permitted beyond the reception area unless they are escorted by security
personnel or employees.
Vehicles without valid stickers and gate pass will not be granted entry to any of the parking
areas.
All personal belongings will have to be declared when entering or exiting the office premises.
The housekeeping & security staff are physically frisked every time they enter or leave the
premises.
The security team checks the contractors/caterers/drivers thoroughly at the time of exit.
Office premises will be under guard 24 hours a day.
A higher degree of care will be taken as regards controlled areas.
Quarterly review shall be performed by ISO to ensure that only those individuals with a job
related need have access to the computing facilities.
Securing Facilities, Rooms and Offices
IT facilities shall be sited away from areas of public access or direct approach by public vehicles,
and consideration shall be given during siting to any security threats presented by neighboring
accommodation.
Appropriate safety equipment shall be installed, such as heat and smoke detectors, fire alarms,
fire extinguishing equipment and fire escapes. Safety equipment shall be checked regularly in
accordance with manufacturers' instructions. Employees shall be properly trained in the use of
safety equipment.
Doors and windows shall be locked when the facility is unattended. Additional external
protection shall be considered for windows if necessary.
Support functions and equipment including photocopiers and fax machines shall be sited
appropriately within the secure area to avoid demands for access, which could compromise
information.
Suitable intruder detection systems installed to professional standards and regularly tested
shall be in place to cover all external doors and accessible windows.
Hazardous and combustible materials shall be securely stored at a safe distance from the site.
Combustible computer supplies such as stationery, other than immediate operational needs,
shall not be stored within dedicated computer operations rooms.
Photographic, video, audio or other recording equipment should not be allowed, unless
authorized.
Fallback equipment and back-up media shall be sited at a safe distance to avoid damage from
a disaster at the main site.
Equipment siting and protection
Adequate power supplies and auxiliary power supplies shall be provided to information
processing resources.
Adequate protection shall be provided to information and information processing resources
against damage from exposure to water, smoke, dust, chemicals, electrical supply interference,
etc.
The minimum-security protection activities specified by the vendor/manufacturer of
information processing equipment shall also be implemented.
Smoking, eating, and drinking shall be prohibited in computer equipment areas.
Physical emergency procedures shall be clearly documented. All IIITB staff & students shall be
trained in appropriate behavior in emergencies.
Equipment Maintenance
Information processing equipment shall be maintained in accordance with the
vendor/manufacturer’s recommended service intervals and specifications.
Only authorized personnel shall perform repairs and servicing of information processing
equipment.
Records shall be maintained of all repairs, maintenance, faults and suspected faults on
information processing resources by the IT Manager, after collating the same from the
respective administrators.
Workplace Maintenance
Each user is provided a safe with lock and key for keeping all confidential data / papers / media
safely. The duplicate keys for all the safes will be kept with the security.
Users secure all the confidential items before leaving at the end of the day and keep desks
clean (clean desk policy).
Users are to lock their keyboards even when they leave their workstations for a short period,
not only when they are leaving for the day.
By default, self-locking screen saver gets enabled after 15 minutes of inactivity.
Confidential document disposal
A locked box is placed on each floor of every building where the employees drop all
confidential papers / media that need to be disposed of.
These boxes are cleared and the items are shredded using a shredder by the housekeeping team
under the supervision of security personnel.
12 Network Security
Purpose
IIITB computing and communication networks (wired and wireless) are part of IIITB’s overall
computing and communication infrastructure. Infrastructure is the underlying electronic
information system hardware, software, and services that provide computing, information
management, and communication capabilities to IIITB’s departments, staff, students, and
industry partners. An IIITB computing and communication network is defined as the hardware
and software components that support the movement of the institute’s information from one
device to another. Examples of IIITB computing and communication networks include local
area computing networks, wireless networks, telephone networks, videoconference
networks and the CCTV surveillance network. The policy aims to enforce certain network
controls so as to enhance the overall network security posture of IIITB.
Scope
The scope of the policy encompasses the students, staff and all the systems/network
administrators of IIITB.
Policy
When IIITB Information is transferred from one IIITB computing and communication network-
attached device to another, the receiving network-attached device must be secured to a level
that protects the sensitivity of the IIITB Information transferred.
All network-attached devices and communication lines must be authorized in order to access
the IIITB computing and communication networks. Change control procedures must be
developed, documented, and utilized for all IIITB computing and communications networks.
Audit logs must be created, maintained, protected, and reviewed.
The following are the controls for the IIITB computing and communication network
configuration:
Wired Network
Remote execution of IIITB computing and communication network security operations
only within procedurally specified parameters and practices;
Access practices in place for all IIITB computing and communication resources to
prevent unauthorized access to any segment of the IIITB computing and
communication network;
Audit trails available and reviewed for all access attempts and configuration changes;
A level of back-up in place for IIITB computing and communication network devices
consistent with the level of risk and the impact on the IIITB’s smooth functioning;
Standardized protocols in place across the facility, with encryption capabilities and
standards supported by the IIITB computing and communication network where
appropriate;
IIITB Information transmitted from any point within the IIITB computing and
communication network and received only at the destination(s) it was intended to
reach;
IIITB Information received at any point within the IIITB computing and communication
network exactly the same in content as the IIITB Information transmitted;
Reasonable precautions implemented so that IIITB Information, while in transit, cannot
be observed, tampered with, or extracted from the IIITB computing and
communication network by some unauthorized person or device;
Practices in place to identify any attempt to gain unauthorized access to the IIITB
computing and communication network, so that appropriate corrective action can be
taken (e.g. intrusion detection systems or system audit logs of unauthorized attempts);
Alternate routes made available within the IIITB computing and communication
network to provide for failure or deliberate destruction of any IIITB computing and
communication network component (e.g. redundant links, device redundancy etc.)
Other means of communication assured if both primary and back-up communication
links are simultaneously unavailable, and this alternate tested;
Technological diagnostic equipment (e.g., data scopes, line monitors) controlled to
prevent unauthorized access to IIITB Information transmissions;
Accurate, detailed, and current IIITB computing and communication network topology
including the installed and applicable security measures maintained for all IIITB
computing and communication network configurations. (Topology is the description
of the locations of all IIITB computing and communication network components e.g.,
printers, personal computers, voice encryption devices). This documentation provides
complete descriptions including:
Points of access,
Use or disclosure of data on this page is subject to IIITB's notice of use and disclosure restrictions
IIITB Confidential 1.1.2019 Page 71 of 88
IIITB computing and communication network devices,
Communication protocols,
Physical location(s),
IIITB computing and communication network usage.
All IIITB computing and communication networks must manage access when
connecting to other internal and external computing and communication networks
(e.g., firewalls) as specified by IIITB IT department;
Segregation of duties maintained for the performance of IIITB computing and
communication network administration and security activities in both test and
production environments.
Wireless Network (Wi-Fi) (802.11ac and 802.11n)
A wireless local area network (WLAN), covering both 802.11ac and 802.11n Wi-Fi, is deployed
across the entire IIITB campus, with a controller for management and Aruba ClearPass for MAC
authentication of each device on the network. Since it is Wi-Fi, we must understand and
accept all risks associated with deploying a wireless system to the IIITB network. Approvals
must be obtained from each of the following:
1. The Office of the director, Registrar and Computing Chairman
2. The IT & IS Manager
3. The relevant department head
WLANs must be tightly controlled and monitored to ensure that they are properly
configured to meet minimum security standards.
"Rogue" wireless access points must be immediately disconnected until they receive
formal approval.
Requirements
All wireless local area networks (WLANs) that transmit IIITB Information must meet the
following minimum security requirements. IIITB wireless networks must:
• Be Wireless Protected Access (WPA) compliant.
• Be enabled with 802.1X/EAP-MS-PEAP for authentication and authorization.
• Have all APs (access points) managed by the Wi-Fi controller.
• Have all users authenticated by the Aruba ClearPass tool.
• Implement a separate VLAN for the WLAN, compliant with IIITB network zoning
requirements.
• Perform site surveys to ensure minimum RF leakage outside the intended environment.
Improperly configured WLANs pose many threats to the security of IIITB, including loss of
confidential data, compromising of end systems, spreading of worms and viruses, etc.
Wireless Glossary of Terms:
ACL - access control list
EAP - extensible authentication protocol
IAS - internet authentication service
IEEE 802.1x
LDAP - lightweight directory access protocol
PEAP - protected extensible authentication protocol
VLAN - virtual local area network
WEP - wired equivalent privacy
WLAN - wireless local area network
WPA - wireless protected access
Responsibility
The responsibility of managing the Wired and Wireless networks of IIITB rests with IT staff
comprising the ISO/IT manager, Network and systems administrators.
IT manager/ISO: Responsible for the approval of wireless, wired and network devices prior
to their deployment in the institute’s network, and also responsible for maintaining the
compliance level of the deployed network entities.
Network/System administrators: Responsible for configuring and managing the devices as per
the guidelines.
13 Network Acceptable Use Policy
Purpose
IIITB communication networks (e.g., IIITB Intranet) provide networking services to the institute
as a whole. These networks may carry IIITB Classified Information. As more and more staff &
students utilize communication networks to conduct IIITB functioning, users must understand
their responsibilities in using these networks and in protecting all information that is accessible
via these networks. This policy aims to outline the industry best practices to be adopted by
the IIITB network.
Scope
The scope of this policy extends to all the computing and network equipment within the
control of IIITB IT department. The scope also extends to the network as well as system
administrators and more importantly the students and staff of the institution.
Policy
Students and staff who are authorized to use IIITB computing and communication networks or
General Information Resources must act responsibly when using network resources,
consistent with IIITB’s ethics policies and requirements for the conduct of students and staff.
Users are expected to access only those IIITB computing and communication resources for
which they are authorized. IIITB Information in any form is considered an asset of the institute
and must be protected. This protection of IIITB Information includes controlling the
transmission of information over communication networks and guarding the IIITB computing
and communication networks and servers from unauthorized access and intrusion from
unauthorized users.
While access and security provisions for specific communication networks should be
documented and incorporated into specific procedures and control mechanisms, general
requirements are as follows:
1. Encrypt any IIITB Classified Information transmitted externally via communication
networks;
2. Use security mechanisms (e.g., virus protection) in order to prevent the corruption of IIITB
Information. Be aware of the risks associated with utilizing external communication
networks (e.g., downloading files, especially those from unknown sources);
3. Grant access to external communication networks through approved IT procedures;
4. Access only those systems and networks for which you have been authorized;
5. Protect all IIITB Information according to the provisions of the Information Security
Practices relating to the authorized release of IIITB Information including any electronic
distribution (e.g., e-mail attachments, Ms-Excel, databases, Internet home pages);
6. Comply with any specific procedures issued relative to the communication network being
accessed. Review and understand your responsibilities when accessing resources on the
public network;
7. Respect the academic/business (in case of incubators) purpose for which access to the
communication network(s) has been authorized. Utilize the communication network(s)
prudently.
8. Abide by all applicable laws and regulations, including copyright and software licensing;
9. Do not engage in deliberate attempts to impair the integrity of IIITB computing and
communication resources accessed via the networks;
10. Remind IIITB staff & students that in accordance with the local law:
a) IIITB IT department has the right to monitor, audit, store, retrieve, or otherwise
capture any electronic information occurrence, including but not limited to
transmissions, sessions, or storage that occurs over its owned, controlled, or
connected IIITB computing and communication resources (e.g., e-mail content, voice
mail content, network addresses, frequency or occurrence, and identification of
specific on-line services),
b) IIITB reserves the right to block, alter priority, or terminate execution or access to
any service or activity that diminishes the effectiveness of IIITB’s use of computing
and communication networks by whatever means necessary,
c) IIITB IT department may temporarily or permanently disconnect any user, division, or
subsidiary to prevent any further unauthorized activity, if circumstances warrant,
d) IIITB IT department may report any violation of local, state, federal, or international
laws to the appropriate authorities,
11. IIITB computing and communication resources (e.g., personal computers) are solely for
academic use. Limited personal use is permitted so long as it is reasonable, ethical, does
not interfere with work/academic responsibilities, and is not in conflict with IIITB’s stated
code of conduct.
14 IT Configuration and Patch Management Policy
Purpose
As IIITB becomes increasingly dependent on information technology solutions to support its
day to day functioning, it also increases its exposure to security and other software
vulnerabilities. This policy aims to minimize the threats to the operating systems residing on the
various computing and network equipment by way of effective patch management.
Scope
The scope of this policy extends to all the computing and network equipment within the
control of IIITB IT department. The scope also extends to the network as well as system
administrators who manage the systems and network devices within the IIITB network.
Policy
An IT configuration and patch management process is part of IIITB’s overall security strategy.
All service provider agreements must contain an adequate configuration management
process. Oversight and accountability is the responsibility of IIITB and any contracted
Service Providers.
The following are mandated for a configuration and patch management process:
Configuration Management:
Provides assessment of asset compliance. Compliance here effectively means compliance with
basic security standards as envisaged by the IT & IS Manager. The following are the
fundamental configuration management principles:
• Identifies non-compliant assets: A periodic scan of the systems and network devices
must be carried out by the system and network administrators for devices/systems
that do not comply with a basic security standard in terms of latest patches, antivirus
updates and system configurations.
• Creates a plan to bring non-compliant assets into compliance: A strategy must be
formulated by the IT Manager or ISO to bring the non-compliant systems or devices
into compliance.
• Executes the plan: The plan must be executed under the strict supervision of the IT
Manager/ISO. Each patching exercise or update on a production system must be
preceded by an effective testing cycle.
Patch Management:
Vulnerability identification and remedies (e.g., patches, etc): IIITB or its designated service
provider will proactively monitor for vulnerabilities and patches for all software identified in
the system inventory.
Prioritization of Patches: IIITB or its service provider must prioritize the set of known patches
and provide classification to sectors, regions, and business units on the criticality of each
patch.
Risk assessment: When IIITB or its designated service provider discovers a vulnerability and a
related patch and/or alternative workaround is released, IIITB or its designated service
provider will consider the importance of the affected assets and/or area of operations, the
criticality of the vulnerability, and the risk of applying the patch. When a vulnerability is
identified and no patch is available, IIITB or its designated service provider must evaluate the
risk of the vulnerability and, based on that risk, take action to mitigate the risk through other
means until a patch becomes available.
Change Control: IIITB or its designated service provider will follow the standard Change Control
process for application of any changes to configuration.
All devices must be either:
• Patched;
• Removed from the IIITB network; or
• Placed behind a firewall with appropriate filters to prevent transmittal of vulnerability.
Responsibility
The configuration management and patch management are the collective responsibility of
the IT manager or ISO, Network and system administrators. The individual segregation is as
outlined below.
IT Manager/ISO:
• Responsible for overall patch management and configuration management.
• Responsible for strategizing and planning the deployment of patching and
configuration changes.
• Responsible for overseeing the patch deployment during the test phase.
• Responsible for updating the change management log.
Network/System administrator: Responsible for carrying out the changes on systems approved
by the IT Manager/ISO.
15 IT & IS Infrastructure
Computational Facilities
PCs/Laptops exclusively available to students: 220
PCs/Laptops available in Library: 5
PCs/Laptops available in Administrative Office: 95
PCs/Laptops available to Faculty Members: 57
Number of PCs/Laptops in Language Lab: 73
Internet Bandwidth in Mbps: 1,500
Number of Legal Application Software: 48
Printers available to Students: 3
Number of A1 Size Color Printers: 1
Number of Legal System Software: 11
Number of Open Source Software: 32
Number of Proprietary Software: 20
SOFTWARE LICENSE
Part no | Description | Qty
JW546AAE | Aruba LIC-AW Aruba Airwave with RAPIDS and VisualRF 1 Device License E-LTU | 350
H1L06A3#ZXZ | HPE Partner-Branded NBD Support SVC - HPE Aruba AirWave 1 Dev E-LTU Supp [for JW546AAE] | 350
JW472AAE | Aruba LIC-AP Controller per AP Capacity License E-LTU | 400
JW473AAE | Aruba LIC-PEF Controller Policy Enforcement Firewall Per AP License E-LTU | 400
H1L06A3#ZXQ | HPE Partner-Branded NBD Support SVC - HPE Aruba Cntrl per AP Capcty E-LTU Supp [for JW472AAE] | 400
H1L06A3#XS4 | HPE Partner-Branded NBD Support SVC - HPE Aruba License PEF Contro Supp [for JW473AAE] | 400
Sl No: Open Source Software in Campus
1 Linux operating system.
2 Android by Google.
3 Open office.
4 Firefox browser.
5 VLC media player.
6 Moodle 3.9
7 WordPress content management system.
8 VLC Media Player
9 Amarok
10 Audacious
11 Apache OpenOffice
12 LibreOffice
13 Avidemux
14 Open Shot Video Editor
15 Audacity
16 GIMP
18 7zip
19 Tor Browser
20 Mozilla Thunderbird
21 KeePass
22 DC++
23 BRL-CAD
24 Inkscape
25 Blender
26 WordPress
27 Magento.
28 Mozilla Firefox
29 Mozilla Thunderbird
30 FileZilla
31 GnuCash
32 GIMP
Number of Legal System Software:
1 MICROSOFT CAMPUS LICENSE ALL VERSION OF OS
2 RED HAT
3 MAC OS 10
4 DOCKER
5 KUBERNETES
6 CENTOS
7 MINT
8 SUSE
9 KALI
10 VMWARE
11 HP ESXI
Proprietary software 20 PLUS
Microsoft Windows, Adobe Flash Player, PS3 OS, iTunes, Adobe Photoshop, Google
Earth, MACIOS, Skype, WinRAR, Oracle's version of Java and some versions of Unix.
MSOFFICE
CADENCE
MATLAB
XILINX
WEBEX
GAUSSIAN
ARUBA
AIRWAVE
ARUBA CLEARPASS
ARUBA MOBILITY MASTER
ARUBA CONTROLLER
Campus Network
• IIITB campus network designed for 5000 user devices.
• 2 ISP providers for Internet bandwidth: 1. BSNL: 1Gbps and 2. NET4INDIA: 500Mbps.
• 1000+ I/O ports for the wired network (1G/10G switch) and a Wave-2 WiFi network of
1.733Gbps for the entire campus with 350 plus access points (supports up to 1,733Mbps
in the 5GHz band and 400Mbps in the 2.4 GHz band), with a complete solution from
OEM HP Aruba.
• Entire campus network is 10G Fiber backbone and expandable to 40G.
• All DATACENTER Servers are on 10G/40G.
• IIITB Computer Lab consists of 200 plus systems
• Smart Classroom for all the classes.
• Online recording audio and Video for all the important Classrooms
• 100 plus laptop/Desktops for Faculty and Staff.
ITEM MODEL SERIAL NO USER LOCATION
DESKTOP HP COMPAQ 6200 PRO MT SGH220RTYW RAM DATA CENTER BSNL
DESKTOP HP ELITE 100MT SGH052Q8KJ Ranjith DATA CENTER
DESKTOP ACER UXVD9S1633E1321836 MURUGAN DATA CENTER
DESKTOP HP COMPAQ 6200 PRO MT SGH220RTY1 MANOJ DATA CENTER BACKUP MACHINE
DESKTOP SGH220RTY2 VINGNESH FINANCE
DESKTOP HP-DX2480MT SGH852ONVY PARUL ADMIN DEPARTMENT
DESKTOP HP ELITE7100 INA110WG40 SOMASHEKHAR ADMIN DEPARTMENT
DESKTOP ACER UXVD9S1633E132832 Smriti ADMIN DEPARTMENT
DESKTOP ACER UXVD951633E132831 PUSHPA FINANCE
DESKTOP DELL OPTIPLEX 390 GH768R8 CYNTHIA ADMIN DEPARTMENT
DESKTOP HP ELITE INA110WG41 NIRMALA ADMIN DEPARTMENT
DESKTOP HP DESKTOP INA110WG43 SURESH FINANCE
DESKTOP DELL 00184034571816 Student CEEMS-LAB
DESKTOP DELL 00184034571827 Student CEEMS-LAB
DESKTOP DELL 00184034571822 Student CEEMS-LAB
DESKTOP DELL 00184034571809 Student CEEMS-LAB
DESKTOP DELL 00184034571829 Student CEEMS-LAB
DESKTOP DELL 00184034571821 Student CEEMS-LAB
DESKTOP DELL 00184034571817 Student CEEMS-LAB
DESKTOP DELL 00184034571819 Student CEEMS-LAB
DESKTOP DELL 00184034571826 Student CEEMS-LAB
DESKTOP HP Z400 SGH049SW5S SWATI MEDIA CENTER
DESKTOP LENOVO THINK CENTER 1S34923JQPG07344 SOMASHEKHAR 201
DESKTOP I MAC APPLE W803114FDAS (IT0249) SHRISHA RAO 122
DESKTOP LENOVO THINK CENTER 1S34923JQPG07340 MEENAKSHI 121
DESKTOP HP ELITE SGH052Q8K RC 116
DESKTOP HP ELITE 7100 MT INA110WG48 PRABHU 126
DESKTOP ASUS AS324125 PRASANT 101
DESKTOP BIOSTAR I945C-M7B MAHESH REDDY 106
DESKTOP ACER UXVD9S1633E132839 BRIJESH KUMAR 215
DESKTOP ACER UXVD9S1633E132820 SRIKANTH 213
DESKTOP WIPRO W23514554 MURALIDHARA 111
DESKTOP HP PROLIANT MT HP131241425 S RAJAGOPALAN 113
DESKTOP HP PROLIANT MT HP131423267 MADHAV RAO 112
DESKTOP DELL TOWER GH768324 NEELAM SINHA 109
DESKTOP ACER UXVD9S1633E132837 JAYA PRAKASH 110
DESKTOP HP UXVJSS1W85G2860948 VEDHA 108
DESKTOP HP ELITE 7100MT INA110WG42 Jyostna Bapat 125
DESKTOP HP SGH90304ST Faculty CL NO: 132
DESKTOP HP PRO INA410VOKZ Faculty CL NO:133
DESKTOP HP SGH8520NZM Faculty CL NO:103
DESKTOP HP PRO INA408T265 Faculty CL NO : (102/133)
DESKTOP ACER IUXVD9X1633E1321834 student ESDM 315-B
DESKTOP ACER IUXVD9X1633E1321839 student ESDM 315-B
DESKTOP DELL 6H5HVS1 student ESDM 315-B
DESKTOP ACER IUXVD9X1633E1321835 student ESDM 315-B
DESKTOP DELL OPTIPLEX GH768R1 student ESDM 315-B
DESKTOP LENOVO 1S3492H2QPG38037 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38014 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38035 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38059 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38046 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QL9CVH04 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38089 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38007 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QL9CVH11 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QI9CVG77 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QL9CVH05 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38061 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38015 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38047 student HIDES LAB-317
DESKTOP LENOVO 1S3492H2QPG38063 student HIDES LAB-317
DESKTOP ACER UXVD9SI633E1321833 DR. RANGANAHAN HIDES LAB-317
DESKTOP DELL 0084034571818 ASHWINI HIDES LAB-317
DESKTOP Acer Veriton AIO M200-H81 UXVJSS1W85G2860638 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H82 UXVJSS1W85G2860609 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H83 UXVJSS1W85G2860888 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H84 UXVJSS1W85G2860783 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H85 UXVJSS1W85G2860580 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H86 UXVJSS1W85G2860626 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H87 UXVJSS1W85G2860863 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H88 UXVJSS1W85G2860872 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H89 UXVJSS1W85G2860933 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H90 UXVJSS1W85G2860900 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H91 UXVJSS1W85G2860802 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H92 UXVJSS1W85G2860679 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H93 UXVJSS1W85G2860940 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H94 UXVJSS1W85G2860599 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H95 UXVJSS1W85G2860879 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H96 UXVJSS1W85G2860833 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H97 UXVJSS1W85G2860777 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H98 UXVJSS1W85G2860884 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H99 UXVJSS1W85G2860627 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H100 UXVJSS1W85G2860603 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H101 UXVJSS1W85G2860867 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H102 UXVJSS1W85G2860640 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H103 UXVJSS1W85G2860859 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H104 UXVJSS1W85G2860860 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H105 UXVJSS1W85G2860856 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H106 UXVJSS1W85G2860936 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H107 UXVJSS1W85G2860838 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H108 UXVJSS1W85G2860887 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H109 UXVJSS1W85G2860676 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H110 UXVJSS1W85G2860841 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H111 UXVJSS1W85G2860908 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H112 UXVJSS1W85G2860911 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H113 UXVJSS1W85G2860813 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H114 UXVJSS1W85G2860663 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H115 UXVJSS1W85G2860904 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H116 UXVJSS1W85G2860896 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H117 UXVJSS1W85G2860934 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H118 UXVJSS1W85G2860935 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H119 UXVJSS1W85G2860909 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H120 UXVJSS1W85G2860846 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H121 UXVJSS1W85G2860659 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H122 UXVJSS1W85G2860591 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H123 UXVJSS1W85G2860656 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H124 UXVJSS1W85G2860839 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H125 UXVJSS1W85G2860912 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H126 UXVJSS1W85G2860891 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H127 UXVJSS1W85G2860651 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H128 UXVJSS1W85G2860644 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H129 UXVJSS1W85G2860649 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H130 UXVJSS1W85G2860939 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H131 UXVJSS1W85G2860910 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H132 UXVJSS1W85G2860852 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H133 UXVJSS1W85G2860938 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H134 UXVJSS1W85G2860836 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H135 UXVJSS1W85G2860729 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H136 UXVJSS1W85G2860612 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H137 UXVJSS1W85G2860854 Student COMPUTER LAB107
DESKTOP Acer Veriton AIO M200-H138 UXVJSS1W85G2860873 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXP Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYB Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYK Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXY Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYX Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTy1 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYL Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYC Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYM Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTZ2 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXK Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYQ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYH Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYV Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTy7 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTZ4 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXC Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXR Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXV Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYZ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTX8 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXB Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXM Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTX9 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXX Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXG Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYG Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTY4 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTY5 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYR Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYF Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTY8 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYN Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTZ0 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXS Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXD Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYZ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTZ1 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXN Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYD Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYP Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTZ3 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTX7 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTY3 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTX9 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXR Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYJ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXZ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYT Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXQ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXY Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXL Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTXW Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTX6 Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH8520NXQ Student COMPUTER LAB107
DESKTOP HP Compaq 6200 SGH220RTYY Student COMPUTER LAB107
Apple Desktop I-Mac -Apple IT0265 Prof.Amit 217
Total number of desktops: 179
ITEM MODEL SERIAL NO USER LOCATION CONFIGURATION
LAPTOP HP PROBOOK 4530 S C-12047 SARAVANAN R DATA CENTER I5/4GB/500GB
LAPTOP HP COMPAQ NX6310 cnd76890 DC DATA CENTER DISPLAY MACHINE CELERON/512MB/40GB
LAPTOP HP CND1276Z PICHIYA FINANCE
LAPTOP HP PRO 4520S 2CE048151P ROSHINI DSOUZA ADMIN DEPARTMENT I3/4GB/250GB
LAPTOP DELL cnju8956 REGISTRAR - Sridhar ADMIN DEPARTMENT I5/4GB/500GB
LAPTOP HP PROBOOK 1929ZY REGISTRAR - Prakash ADMIN DEPARTMENT CORE2DUO/4GB/500GB
LAPTOP DELL VOSTRO 5CG63330H7 Rashmitha PLACEMENT/Upgrade i5/4GB/1TB
LAPTOP COMPAQ NX6310 cnhy754787 Faculty MEDIA CENTER CELERON/1.25GB/500GB
LAPTOP HP PAVILLION DV6 544092 SWATI MEDIA CENTER I5/4GB/500GB
LAPTOP COMPAQ NX6310 CNU63101HX ANGEL MEDIA CENTER CELERON/1.25GB/40GB
LAPTOP COMPAQ NX6310 CNZ13X ANGEL MEDIA CENTER CELERON/1.25GB/40GB
LAPTOP HP PROBOOK 2CE102090L RAMA 201 I3/4GB/320GB
LAPTOP COMPAQ NX6310 CNA63101NW SOMASHEKHAR 201 CELERON/1.25GB/40GB
LAPTOP LENOVO THINKPAD R10ZXY RC 116 I3/4GB/500GB
LAPTOP HP PROBOOK 4530S XYZ17UZD PRASANA 127 I5/4GB/500GB
LAPTOP HP PROBOOK 4440S cfhy7890 THRICHA ANJALI 212-C I5/4GB/500GB
LAPTOP HP PROBOOK 4530S cvdf7894 ASHOK BALAKRISHNAN 211 I5/4GB/500GB
LAPTOP HP PROBOOK 4530S XY1U2DX SUBHAJIT SEN 210 I5/4GB/500GB
LAPTOP HP PROBOOK 4440S ZUXY1279 AMIT PRAKASH 209 I5/4GB/500GB
LAPTOP HP PROBOOK 4530S 66BU66 MANISH KULKARNI 208 I5/4GB/500GB
LAPTOP SONY VIO YU68Z1U NIVEDITA MENON 207 I5/4GB/500GB
LAPTOP DELL VOSTRO CNC1XUD SREEENIVASA RAGAVAN 206-C I5/4GB/500GB
LAPTOP LENOVO THINKCENTER CNU12790 DINESH BABU 206-D I5/4GB/500GB
LAPTOP SONY VIO ZXC19UD VINOD VYASULU 206 I5/4GB/500GB
LAPTOP HP PROBOOK 4440S D5J48PA V. SRIDHAR 224 I5/4GB/500GB
LAPTOP HP PROBOOK 4440S INA311YHT12 ASHISH 223 I5/4GB/500GB
LAPTOP SONY VIO 54576298 BIDISHA CHAUDURI 214 I5/4GB/500GB
LAPTOP HP PROBOOK 4440S CNC1ZDYZ JOY PRABHAKARAH 212-D I5/4GB/500GB
LAPTOP HP PROBOOK 4530S CNC1Z29Z MURALIDHARA 111 I5/4GB/500GB
LAPTOP HP PROBOOK 4520S CNZ1927Z D.V. JAGADISH 114 I3/4GB/500GB
LAPTOP DELL VOSTRO X1C16000 MADHAV RAO 112 I5/4GB/500GB
LAPTOP DELL VOSTRO ZXC2876 JAYA PRAKASH 110 I3/4GB/500GB
LAPTOP HP PROBOOK CNYZ2D1X DAS 117 I3/4GB/500GB
LAPTOP HP PROBOOK CND5389A DAS 117 I3/4GB/500GB
LAPTOP SONY VIO XY2DY2H BALAJI 120 I5/4GB/500GB
LAPTOP HP NOTEBOOK CND438B1JN BALAJI 120 I5/4GB/500GB
LAPTOP HP NOTEBOOK cvny689nd JOSENA BAPAT 125 I5/4GB/500GB
LAPTOP HP PROBOOK cvn67hdgtd D Das 117 I5/4GB/500GB
LAPTOP HP PROBOOK 440 INA425ZTVS Faculty MAIN CLASS ROOM (106) I5/4GB/500GB
LAPTOP HP PROBOOK 4520S 2CE480YRS Faculty BOARDROOM 107 I3/3GB/320GB
Laptop HP Pro Book INA328D3JW Prof.Chetan Parikh 115 1TB/4GB
Laptop HP Envy R41000680 Prof.G.Srinivas Raghavan 206c i7/16GB/2TB
Laptop HP Probook 450G2 yhj89c6 Prof.Sachit Rao 224e I5-5200U/4GB/500GB
Laptop Dell Inspiron 5558 CMKGZ52 Prof.P.V.Dinesh Babu 206b I5-5250U/8GB/1TB
Laptop HP ProBook 450G2 hjk789fhj Prof.Preeti Mudalar 220 I5-5200U/4GB/500GB HDD
Laptop HP Compaq NX 6310 CNU1XUDY Harish Ponnappa 202 i3/2gb/40GB
Laptop HP Compaq CNU2152F30 Faculty Class Room 204
LAPTOP Dell Vostro 3458 87H2762 Faculty Class ROOM 102 I3/4GB/500GB
LAPTOP Dell Vostro 3458 6TFZ662 Faculty Class ROOM 308 I3/4gb/500GB
LAPTOP Dell Vostro 3458 1Z50762 Faculty Class Room 303 I3/4G/500GB
LAPTOP Dell Vostro 3458 455D662 Faculty Class Room 304 I3/4G/500GB
LAPTOP Dell Vostro 3458 INA425ZTV9 Faculty Class Room 307 I3/4G/500GB
LAPTOP HP Probook xcvnj73567 ROSHNI ADMIN DEPARTMENT I3/4gb/500GB
LAPTOP Dell Vostro 3458 3Y72762 Faculty Class Room 309 I3/4gb/500GB
LAPTOP Dell Vostro 3458 vbhj89kmj Faculty Class Room 310 I3/4gb/500GB
Laptop Lenovo Lr01kee Mythri Reception I3/1tb/4gb
Laptop Lenovo LR01s198 Security Gate1 I3/1tb/4gb
Laptop Lenovo LR09S1KK Security Gate2 I3/1tb/4gb
Laptop Lenovo LR09S1CL Security Gate3 I3/1tb/4gb
Laptop Lenovo LR09UD2S Registrar 122 I5/1tb/4gb
Laptop Lenovo E430 Security Reception Display I3/500gb/4gb
Laptop Lenovo vbyuj8965 Prof.Manisha 208 I5/1tb/4gb
Laptop Lenovo Yoga cfy12sdf79 Prof.Srinivas 133f i7/500GB/8GB
Laptop Lenovo Yoga 77V0P87 Prof.Uttam Kumar 123 i7/500GB/8GB
Laptop Lenovo 310 77609AM Prof.Madhav Rao 112 I5/1tb/4gb
Total Laptop :- 65
SOFTWARE LICENSE
Part no Description Qty
JW546AAE Aruba LIC-AW Aruba Airwave with RAPIDS and VisualRF 1 Device License E-LTU 350
H1L06A3#ZXZ HPE Partner-Branded NBD Support SVC - HPE Aruba AirWave 1 Dev E-LTU Supp [for JW546AAE] 350
JW472AAE Aruba LIC-AP Controller per AP Capacity License E-LTU 400
JW473AAE Aruba LIC-PEF Controller Policy Enforcement Firewall Per AP License E-LTU 400
H1L06A3#ZXQ HPE Partner-Branded NBD Support SVC - HPE Aruba Cntrl per AP Capcty E-LTU Supp [for JW472AAE] 400
H1L06A3#XS4 HPE Partner-Branded NBD Support SVC - HPE Aruba License PEF Contro Supp [for JW473AAE] 400
SL.No Dell 3060MT Desktop Issued To SL.No DELL 19" E1916HE Monitor Issued To
1 G41M9X2 R106 1 CN0CH5KXFCC0094HC4UB R109
2 G41P9X2 JYOTSNA 2 CN0CH5KXFCC0094HC7LB JYOTSNA
3 G41N9X2 R109 3 CN0CH5KXFCC0094HC75B RLAB-107
4 C0L0HY2 RLAB-107 4 CN0CH5KXFCC0095ICGWB RLAB-107
5 C0D2HY2 RLAB-107 5 CN0CH5KXFCC0095ICHCB RLAB-107
6 C0J0HY2 (DOA) 1F2WBZ2 R103 6 CN0CH5KXFCC0095ICH0B RLAB-107
7 C0RYGY2 RLAB-107 7 CN0CH5KXFCC0095ICH6B RLAB-107
8 C0BYGY2 RLAB-107 8 CN0CH5KXFCC0095ICH7B RLAB-107
9 C0FWGY2 RLAB-107 9 CN0CH5KXFCC0095ICGTB STORE ROOM
10 C0PYGY2 RLAB-107 10 CN0CH5KXFCC0095ICH5B RLAB-107
11 C0G1HY2 JVPrasad A134-E 11 CN0CH5KXFCC0095ICH1B RLAB-107
12 C0DZGY2 RLAB-107 12 CN0CH5KXFCC0095ICHAB RLAB-106
13 C0NWGY2 RLAB-107 13 CN0CH5KXFCC0095ICH2B RLAB-107
14 C0R3HY2 RLAB-107 14 CN0CH5KXFCC0095ICHEB RLAB-107
15 C0P1HY2 RLAB-107 15 CN0CH5KXFCC0095ICGFB RLAB-107
16 C0MXGY2 RLAB-107 16 CN0CH5KXFCC0095ICGVB RLAB-107
17 C0M0HY2 RLAB-107 17 CN0CH5KXFCC0095ICH3B JVPrasad A134-E
18 C0K2HY2 RLAB-107 18 CN0CH5KXFCC0095ICGPB RLAB-107
19 C0JXGY2 RLAB-107 19 CN0CH5KXFCC0095ICH4B RLAB-107
20 C0Q3HY2 RLAB-107 20 CN0CH5KXFCC0095ICGGB STORE ROOM
21 C0GYGY2 RLAB-107 21 CN0CH5KXFCC0095ICGNB RLAB-107
22 C0H3HY2 RLAB-107 22 CN0CH5KXFCC0095ICGUB RLAB-107
23 C0QZGY2 RLAB-107 23 CN0CH5KXFCC0095ICGRB RLAB-107
Intel i-5 Desktops
Sl No: Open Source Software in Campus
1 Linux operating system.
2 Android by Google.
3 Open office.
4 Firefox browser.
5 VLC media player.
6 Moodle 3.9
7 WordPress content management system.
8 VLC Media Player
9 Amarok
10 Audacious
11 Apache OpenOffice
12 LibreOffice
13 Avidemux
14 Open Shot Video Editor
15 Audacity
16 GIMP
18 7zip
19 Tor Browser
20 Mozilla Thunderbird
21 KeePass
22 DC++
23 BRL-CAD
24 Inkscape
25 Blender
26 WordPress.
27 Magento.
28 Mozilla Firefox.
29 Mozilla Thunderbird.
30 FileZilla.
31 GnuCash.
32 GIMP.
Number of Legal System Software:
1 MICROSOFT CAMPUS LICENSE ALL VERSION OF OS
2 RED HAT
3 MAC OS 10
4 DOCKER
5 KUBERNETES
6 CENTOS
7 MINT
8 SUSE
9 KALI
10 VMWARE
11 HP ESXI
Proprietary software 20 PLUS
Microsoft Windows, Adobe Flash Player, PS3 OS, iTunes, Adobe Photoshop, Google Earth, Mac OS, Skype, WinRAR, Oracle's version of Java and some versions of Unix.
MSOFFICE
CADENCE
MATLAB
XILINX
WEBEX
GAUSSIAN
ARUBA
AIRWAVE
ARUBA CLEARPASS
ARUBA MOBILITY MASTER
ARUBA CONTROLLER