Security Challenges in Centralised IT Environment - PowerPoint PPT Presentation

About This Presentation
Slides: 45
Provided by: somdut
Transcript and Presenter's Notes

Title: Security Challenges in Centralised IT Environment


1
Security Challenges in Centralised IT
Environment
  • Deepak Chhabra, IRTS
  • Group General Manager/Web Services
  • Centre for Railway Information Systems
  • New Delhi-110021

2
Presentation Outline
  • Centralised IT in Railways
  • Reservation Information Infrastructure
  • NTES/Enquiry systems/Call centres
  • Internet Bookings
  • Security guidelines/ Policy
  • Suggestions to improve the security

3
GROWTH OF PASSENGER TRAFFIC OVER YEARS (in Millions)

Year      Suburban         Non Suburban      Total
          (all classes)    (second class)
1950-51   412              847               1284
1960-61   680              899               1594
1970-71   1219             1196              2431
1980-81   2000             1602              3613
1990-91   2259             1580              3858
1995-96   2484             1507              4018
1996-97   2578             1548              4153
1997-98   2657             1662              4348
1998-99   2668             1713              4411
1999-00   2771             1776              4585
2000-01   2861             1932              4833
2001-02   2999             2053              5093
2002-03   2934             2037              4971

4
GROWTH OF FREIGHT TRAFFIC OVER YEARS (in Millions)

Year      Freight    Index              Net Tonnes   Index
          Tonnes     (1950-51 = 100)    (Kms.)       (1950-51 = 100)
1950-51   73.2       100.0              37,565       100
1960-61   119.8      163.7              72,333       192.6
1970-71   167.9      229.4              110,696      294.7
1980-81   195.9      267.6              147,652      393.1
1990-91   318.40     435.0              235,785      627.7
1995-96   390.69     533.7              270,489      720.1
1996-97   409.02     558.8              277,567      738.9
1997-98   429.38     586.6              284,249      756.7
1998-99   420.92     575.0              281,513      749.4
1999-00   456.42     623.5              305,201      812.5
2000-01   504.20     688.7              315,516      839.9
2001-02   522.23     713.4              336,445      895.6

5
PASSENGER TRANSPORTATION SERVICES OF INDIAN
RAILWAYS
  • Indian Railways meet nearly 22% of the total
    Passenger Transportation needs and nearly 60% of
    long distance travel needs of the People of the
    country
  • Every day nearly 15 million passengers travel on
    our trains
  • Passenger business accounts for 31% of the
    revenue of IR
  • During 2004-05:
  • 5490 Million passengers were carried
  • Passenger kilometers were 570 billion
  • Passenger earning was Rs 14,035 crores

6
Automation in Indian Railways
  • Automating the following batch applications
    started as early as in 1960s-
  • Payrolls
  • Maintenance of PF records
  • Stores/ Inventories
  • Passenger Accountal
  • Freight Accountal
  • Operating Statistics
  • Wagon Census
  • Tracing of Wagons

7
FOIS
  • Networking of 132 additional points (84
    nodal consist reporting points, 48 originating
    terminals) and enhancement of following
    functionality
  • Implement RMS phase-II at 362 locations covering
    99% originating traffic, capture consists, and
    Railway Receipts.
  • Wagon wise consignment tracking
  • Clearing of stock holding
  • Invoice based consignment tracking
  • Invoice based loading originating tonnage
    revenue
  • Wagon wise inter change
  • Statement of missing wagons
  • Linking of unconnected consignments

8
FOIS
  • Implementation of TMS (Terminal Management
    System) commodity corridor wise during at leading
    Goods Sheds, beginning with 25 POL points)
    between CR, WR, NR, coal from NR power
    houses, iron ore traffic over entire IR now
    implemented over 250 locations out of 500
    locations.
  • Booking and delivery of consignment on computer
  • Station accounting
  • Railway Receipt (RR) generation/transmission
  •  Better interface with customer

9
Projects handled by PRS Group
  • CONCERT Implementation on VAX Systems in 1998-99.
  • Porting of CONCERT in PRS/SC: 22 Sept, 94
  • Porting of CONCERT in PRS/NDLS: 9 Sept, 96
  • PRS/NDLS and PRS/SC Networked: 8 Oct, 97
  • Porting of CONCERT in PRS/HWH: 15 June, 98
  • Networking between PRS/HWH, PRS/NDLS and PRS/SC:
    19 July, 98
  • Porting of CONCERT in PRS/Mumbai: 11 Jan, 99
  • Mumbai Networked with Delhi, HWH and SC: 31 Jan, 99
  • Chennai Networked with Mumbai, Delhi, HWH and SC:
    18 Apr, 99

11
PRS Website www.indianrail.gov.in
  • CRIS has implemented and hosts Indian Railways
    own web-site, namely www.indianrail.gov.in and
    offers PRS enquiries on the internet namely
  • Trains between a pair of Stations
  • Accommodation Availability
  • PNR Status Enquiry
  • Train Schedule/Fares
  • Station Code Enquiry
  • Short Messaging Service (SMS) on Mobile
  • A maximum of 55 lakh hits per day have been
    recorded

12
Enquiries on www.indianrail.gov.in
  • Trains between a pair of stations
  • This enquiry gives all the trains between the
    selected source and destination station
  • Accommodation availability
  • This enquiry gives the latest seat availability
    position of the chosen class, date, train and
    route.
  • PNR status enquiry
  • This enquiry gives the latest updated status of
    the passenger
  • Train Schedule
  • This enquiry gives the complete path information
    of a particular train with the arrival and
    departure time at a station.

13
Static Information on www.indianrail.gov.in
  • Rules
  • Reservation Rules, Refund Rules, Break Journey
    Rules, Luggage Rule, Change in Name
  • General Information
  • Season Tickets, Circular Journey, Booking
    Locations, Concession Forms for Blind,
    Orthopaedically handicapped, Mentally retarded
    and Deaf Dumb persons, General Reservation
    Form, Tele Booking, Tatkal Booking
  • Tourist Information
  • International tourists information, Travel
    Agents
  • Special Trains
  • Palace on Wheels, Royal Orient Express, Hill
    Trains, Shivalik Deluxe/Palace Trains, Holiday
    Specials, Tatkal Trains, Rajdhani Trains,
    Shatabadi Trains

14
National Train Enquiry System (NTES)
  • Real Time Information of Train arrival /
    departure
  • disseminated through
  • Display Boards
  • Interactive Voice Response System (IVRS)
  • Automatic Announcement System
  • Face to Face Enquiry counters
  • Internet (web site launched at
    www.trainenquiry.com)

15
NTES Website www.trainenquiry.com
  • National Train Enquiry System is made available
    through Internet on www.trainenquiry.com
  • Site provides the following Information
  • Running Status of Trains
  • Trains between two Stations
  • Spot your Train
  • Train Arrival
  • Tourist Information
  • Passenger Amenities at Station

16
Enquiries on Cell Phones through SMS
  • Train Schedule
  • PNR Status
  • Accommodation Availability
  • Trains between stations
  • Fare
  • Available on Short code
  • 676747
  • 7886
  • 8888

17
FORMAT/ KEY to send SMS
  • Access No. 676747 (IDEA, AIRTEL, BPL, BSNL)
  • To get your Ticket Status
  • PNR <PNR No.>
  • Checking for Trains running between two stations:
    TL <starting city> <ending city>
  • Checking for Ticket Availability: TA <train number>
    <starting city> <ending city> <journey date>

19
PRS Website (www.indianrail.gov.in) Number of SMS
Hits per month
20
E-RESERVATION PROJECT FOR IRCTC
  • The e-reservation website http://www.irctc.co.in
    was inaugurated on 3rd August 2002.
  • The software developed by CRIS consists of
  • Complete interface software between the IRCTC
    front-end server and the back end Alpha server.
  • Complete e-reservation and enquiries back end
    servers. 
  • Ticket printing and reset facilities in existing
    client.
  • Accounting reports for the IRCTC transactions.

21
Infrastructure of PRS
  • Infrastructure used to implement the reservation
    and ticketing system-
  • HP's AlphaServer hardware
  • Operating System - OpenVMS 7.3-2
  • Routers to implement a network of 5 PRS
    Centres over 2 MB leased DOT lines
  • Over 4000 Terminals connected to the 5 centres
    over DOT and leased lines
  • DecNet phase V/ TCP-IP networking software

22
CONCERT NETWORK TOPOLOGY
[Network diagram: the five PRS centres (Delhi, Kolkata, Mumbai, Secunderabad, Chennai) interconnected by 2 MBPS leased lines, several of them doubled (x2).]
23
Security for any set System/ Infrastructure
  • AAA (Authentication, Authorisation, and
    Accounting)
  • SSL based framework
  • Digital Signatures/ Certificates
  • Data Confidentiality
  • Data Integrity
  • Data Non-Repudiation

24
Security levels
  • Hardware level
  • OS level
  • Network level
  • Application level

25
Security levels - Hardware
  • Servers located at 5 centres fully owned by
    Railways
  • Access to the server rooms is restricted
  • The centres are manned /controlled by Railway
    personnel
  • All accesses to the system are through secure
    terminals

26
Security levels - OS
  • Open VMS is being used as the OS for CONCERT
  • Tru64 UNIX is being used for Web-site and NTES
  • DECNET network protocol is being used for all the
    applications

27
Security levels - OS
  • Use of proprietary OS and networking protocol,
    whose usage is limited makes it difficult for
    hackers and intruders to affect the system.
  • Both Open VMS and Tru64 UNIX are very secure OS
    and regular updates and patches are applied,
    whenever they are released.

28
Security levels - OS
  • OpenVMS provides for high grade of security
    features-
  • Proprietary and closed features of the OS
    provides additional security
  • Passwords at two levels

29
Security levels - OS
  • Limited User Accounts with privilege policy
    according to user specific needs.
  • The protection privileges of the critical
    application programs have been set, so that they
    can be run only from the specified user accounts.
  • Both OVMS and Tru64 have extensive logging and
    auditing features, which can be enabled.

30
Security levels - Application
  • Security/ Privileges at two levels-
  • User level
  • Terminal level

31
Terminal/User Level Privileges
  • Hierarchical privileges at User/ Terminal level
  • Enquiry - only read access to the database
  • Booking - Write access for ticketing only
  • Supervisory - Updates on the database for
    implementing special functionalities

32
Terminal/User Level Privileges
  • Hierarchical privileges at User/ Terminal level
  • Charting - Supervisory privileges and making
    of Charts
  • Database - Updates for changing train config. in
    a controlled manner
  • Manager - All the above privileges

33
Security in Call Centre/ Enquiries
  • Presently two call centres are being run by
    Railway premises Secure (Patna, Blore)
  • Backend PRS / NTES connected to the call centre
    in a secure manner
  • Future Call centres coming up in all states.
  • Information would be given on 139.

34
Security of Web-site through Firewall

35
Network layout diagram
http://www.indianrail.gov.in
36
Why Firewall?
  • Ensuring Maximum Security
  • Virus checking
  • URL Blocking blacklisting
  • Comprehensive logging

37
Ensuring Maximum Security: Comprehensive
Logging
  • Session information
  • Date, time, and duration of connection
  • Source and destination host, user name
  • Amount of data transferred

38
Ensuring Maximum Security: Comprehensive
Logging
  • Firewall integrity and operation
  • Login and login attempts
  • Unauthorized modification of system files
  • Disk space shortages
  • Separate log file for each service
  • Automatic backup

39
Regular steps taken for Web security
  • Periodic change of passwords at the firewall,
    web server, mail server and internet backend
    servers.
  • Regular checking of firewall status and its log
    files.
  • Latest patches and upgrades have been applied.

40
Regular steps taken for Web security
  • Checking of web server files, directories and
    user accounts.
  • Disabling of unwanted services on the web
    servers.
  • Regular backups of configuration files and
    source code files
  • All logins on the internet backend server are
    logged and monitored

41
Future Plan
  • Periodic Audit of the System
  • Security related training for personnel
  • All PRS servers to sit behind Firewall.
  • Digital Signature/ Certification Agencies

43
  • THANK YOU

44
Deepak Chhabra
  • E-mail dchhabra_at_cris.org.in
  • Web-site
  • http://www.cris.org.in
  • http://www.indianrail.gov.in
  • http://www.trainenquiry.com
  • Phones 011-24672421