Tata Power Company Ltd. Corporate Information Technology
IT Policy - Proxy Bypass IP Address Allocation
Tata Power Company Ltd.
Version 1.0
February 2005
Corporate Information Technology
Approval History
Rev. 0. February 2005
Created By / Shrikant H. Agarwal
Checked By / E. R. Batliwala
Approved By / VP
1. Introduction:
TPCL has 2 Mbps Internet connectivity via STPI, which connects the TPCL network to the external world. An e-mail facility has been provided to various users so that company business can be performed more effectively. Additional services such as Internet browsing are also provided on a “need to use” basis with appropriate approvals.
In order to protect the Organizational Information Assets, the TPCL network is connected to the external world via a firewall and proxy server, which protect the internal network from external attacks by filtering unauthorized traffic to and from the Internet. All e-mail and attachments received from the Internet are checked for the presence of viruses and worms before they are delivered to the designated e-mail recipients.
As per the Organizational Information Security Policy (available on the TPC Intranet), downloading of files (exe, ActiveX, pif, scr, mpg, mov, avi, etc., which are known vectors of viruses and worms) from the Internet is not permitted. All viruses, worms and malware use executable programs and the like as an effective means of propagating and gaining entry into company networks. In general, any software downloaded from the Internet poses a security risk to the corporate network and the Organizational Information Assets; therefore, connecting to, and downloading software from, “Un-trusted” sites is not permitted as per the Information Security Policy. All users with access to the Internet browsing facility have been provided accounts on the proxy server, which acts as a blocking filter for downloads of executable files etc. while allowing HTTP traffic to the Internet.
2. Connecting to Internet using Direct IP Addressing:
Although downloading software from the Internet is discouraged, many systems in our organization, such as the Exchange e-mail server, Windows 2000 Server and antivirus installations, need to be kept current with the software updates and security patches provided by software manufacturers such as Microsoft (Windows, Exchange) and Symantec (Antivirus), in order to keep the servers free from software vulnerabilities as a requirement for fulfilling Organizational Information Security. The System Administrators in TPCL have been allocated direct IP addresses which are not “challenged” by the firewall and are therefore allowed to download the files required for System Administrative tasks. However, this has to be done with utmost care and precaution, such as downloading files only from “Trusted” sites and making sure that the software so downloaded is safe to use and free from viruses, malware etc.
Users (other than System Administrators) who have a genuine need to run alien software packages (such as demo, trial, new promotion software, untested software etc.) must understand that their computers, and in turn the corporate network, run a significant risk of Information Security attacks. The use of such software is therefore not allowed on computers connected to the company network, as per the company Information Security Policy. All users of such software must make sure that any “Un-trusted” software is safe and free from viruses etc. by trying it on isolated computers after scanning.
All computers using a direct IP address run a significant risk of divulging internal network information to hackers, who could be using highly sophisticated software tools such as packet sniffers, which may lead to session hijacking. Also, all Internet traffic unchallenged by the firewalls and proxy servers runs a risk of implanting software infected with viruses and other forms of malware. Therefore, all such Internet connectivity using direct IP addressing should be avoided.
3. IP Address Allocation Policy:
i. All the Direct IP Address allocation will be reviewed and approved by the TPCL Information Security Committee.
ii. The System Administrators may be allocated an IP address in order to perform their duties effectively.
iii. All IP traffic originating from machines having a fixed IP address will be monitored. The Network Administrator will review the network logs and present the findings to the GM/DGM in case of violations. Any misuse detected will lead to disciplinary action as decided by the TPCL Information Security Committee.
iv. Other users who may have genuine requirements for using a Direct IP Address should apply on the enclosed form, duly recommended by their Sr. GM/GM/Head of Department, and forward it to the TPCL Information Security Committee for final approval.
v. All users are required to understand the risks involved in using Direct IP addresses for downloading files etc. and must be fully aware of the Information Security Procedures and Policies.
vi. It will be the responsibility of all such users to install and update their machines with the latest security patches and antivirus signature updates in order to prevent the spawning and propagation of viruses, malware etc.
vii. All users shall strictly not connect to or download from “Untrusted”, “Rogue”, or banned sites on the Internet.
viii. All users must make sure that no software, data, media files etc. are downloaded onto corporate machines in a way that infringes Indian or international copyrights, intellectual property rights etc. (Ref. TPCL Information Security Policy and Procedures)
ix. Downloading of materials such as movies, music, and other media not required for the official business of TPCL is strictly prohibited. Suitable actions will be taken as per the HR/Information Security Committee against users violating the policy.
x. Any users downloading demo, media or software distributions under development that are required for the company business should have an NDA/legal contract in place in order to safeguard the interests of TPCL.
Request for Proxy Bypass IP Address for Internet Connectivity
1. Name ______
2. Designation ______
3. Employee No. ______
4. Department/Division______
5. Statement of Purpose
______
______
______
______
6. IP Port Requested ______
7. Declaration: I have read the TPC Information Security Policy and Procedures. I am fully aware of the risks involved in the use of the Proxy Bypass facility for connecting to the Internet. I agree to abide by the Company rules and Information Security Policy restrictions. I shall exercise utmost precaution and care not to connect, access, or download any prohibited/unlawful/harmful Web contents, and I shall be responsible for any Information Security incidents due to my actions.
8. Signature______Date______
9. Recommended______Date______
(Sr. GM/GM/DGM/Head of Dept)
10. Comments (if any)______
11. Approved/Denied Date
______(Head, Information Security Committee)
______(Member, InfoSec Committee)
______(Member, InfoSec Committee)
______(Member, InfoSec Committee)
Comments (if any)
______