Network Security and Device Management Policy

Questions and Answers

What constitutes a violation of the email policy?

• Emailing personal birthday invitations to team members
• Archiving emails from a local disk
• Forwarding business-related newsletters
• Sending emails with obscene material (correct)

Which group of users can send mass emails to over 100 recipients?

• All service accounts
• Officers in grade H and above with approval (correct)
• Any user regardless of grade
• Officers in grade F and below

What is the storage quota for officers in grade F?

• 750MB (correct)
• 1GB
• 2GB
• 100MB

Who is responsible for backing up archived emails saved to local disks?

Individual users (A)

What type of emails should not be sent as mass mail according to the policy?

Mass emails promoting private businesses (D)

Which of the following is not considered inappropriate email usage?

Sending emails relevant to professional development (D)

What is the action that may result from inappropriate email usage?

Deactivation of the email account (B)

What should officers in grade G or lower do before sending mass emails?

Request approval from the head of business functions (A)

What is required in terms of time synchronization for network devices?

All devices must synchronize with a common source using NTP to IST. (C)

Which of the following actions is NOT permitted regarding LAN and WAN connectivity?

Providing leased lines without prior approval. (C)

What measures should be taken regarding device passwords before deployment?

Passwords must be changed as per the password policy. (B)

What is the requirement for remote access to the corporate network?

Access must be via secured VPN with two-factor authentication after approval. (C)

What must happen to unused ports and interfaces on devices?

They must be disabled. (A)

What is required regarding network equipment configuration backups?

Backups must occur at least once a month and after configuration changes. (C)

What should be done with CCTV connections to the corporate LAN?

CCTV connections must go through a security appliance if connecting to the corporate LAN. (A)

Which protocol is specified not to be used for remote access?

Telnet (C)

What is a requirement for wireless client systems according to the security policy?

They must use only corporate wireless connectivity. (C)

Which mechanism is used to manage access points in the corporate network?

Wireless controller. (D)

What type of authentication is mandated for access to wireless networks?

WPA2 with 802.1x/EAP/PEAP or latest. (C)

What is required for all wireless communication between clients and corporate networks?

It shall be encrypted. (D)

Which of the following is NOT allowed according to the wireless security policy?

Simultaneous connection between wired and wireless network on the same device. (D)

What must be deployed at corporate locations with permanent wireless networks?

Wireless intrusion prevention systems. (A)

How should access permissions for wireless clients be managed if IPS cannot be deployed?

Based on hardware/MAC address white-listing. (C)

What must be ensured regarding the separation of networks?

There must be a separation of wireless LAN from the wired LAN. (D)

What is the primary recommendation regarding updates to IT infrastructure?

Explore possible options on Cloud first. (D)

What factors should be assessed before adopting cloud services?

The nature of the work, data, and applications involved. (D)

Which of the following is NOT mentioned as a consideration in adopting cloud services?

Existing infrastructure costs. (A)

What is the recommended first step for new IT requirements?

Assess options available through cloud services. (A)

In which scenario is it advised to consider cloud services?

For a refresh of existing IT infrastructure. (B)

What is an essential component to evaluate when moving applications to the cloud?

The applications that will be moved. (B)

What should be the basis for adopting cloud services according to the given policy?

Assessment results of the specific requirements. (A)

Why is it important to assess data before adopting cloud services?

To understand the implications of data migration. (A)

What is required for any cloud service engagement according to the regulations?

Only use MeitY empaneled cloud service providers (A)

What must be implemented for handling sensitive personal data in the cloud?

Thorough examination and strict security controls (A)

What must be built into the contract for projects involving Aadhaar data?

Aadhaar related technical requirements (A)

What is the development architecture for IndianOil mobile applications based on?

Industry-wide open standards (A)

For external users, what type of connectivity is required between their devices and web servers?

SSL connectivity using public certificates (B)

What types of mobile applications has IndianOil adopted?

Applications for employees, dealers, and the general public (C)

Which of the following is NOT a key aspect of securing mobile devices for IndianOil?

Ignoring security updates (C)

What is a key requirement for network communication links to cloud service providers?

Approval from COIS before engagement (C)

Study Notes

Network Security and Policy

• Different network zones must be securely interconnected to maintain integrity and security.
• Utilize web security gateways, content filtering, and firewalls for controlling external network traffic.
• All network and infrastructure devices should implement Network Time Protocol (NTP) aligned with Indian Standard Time (IST).
• New network and infrastructure equipment must comply with IPV6 standards.

LAN and WAN Management

• Approval from COIS is mandatory for leased lines, MPLS VPNs, internet lines, and P2P communication links.
• Divisions can request bandwidth enhancements or reductions, subject to COIS's review.
• COIS governs the IP address scheme for LAN/WAN allocations.
• Rate contracts for WAN MPLS services must be finalized by COIS and utilized by divisions with prior approval for any extra needs.

Device Security Protocols

• Default settings and passwords of devices must be changed before deployment; passwords must align with policy standards.
• Secure protocols (SSH, SSL, IPsec) should be used for remote access, while insecure protocols like telnet must be disabled.
• All unused ports on devices need to be disabled, and devices should automatically close inactive sessions.
• Only approved routing protocols are allowed for WAN configurations.
• Regular (monthly) backups of device configurations are required, especially after changes.
• CCTV networks should be isolated from corporate LAN, connecting through a security appliance as needed.

Network Access Policies

• Remote access must be conducted via a secure VPN with two-factor authentication, granted on approval.
• Development, quality, and testing environments must be separated from the production environment.

Wireless Network Security

• Users must connect only via corporate wireless networks, avoiding external untrusted access points.
• Wireless LAN must be segregated from wired LAN, with regular maintenance and audits conducted.
• Wireless controllers are necessary for managing access points and limiting coverage.
• Tips for authentication: all wireless access must be authenticated with strong password policies and WPA2 encryption or better.

Email Usage Policy

• Strictly prohibits derogatory, offensive, political, or personal emails through corporate accounts.
• Sending mass emails requires authorization based on recipient count, restricted by user grade.
• Users must back up emails regularly; the administrator does not restore lost data due to user error.

Cloud Computing Strategy

• Explore cloud options for updating IT infrastructure, assessing data and application needs before adoption.
• Ensure compliance with cybersecurity and data regulation standards, specifically regarding data localization.
• Engage only MeitY empaneled Cloud Service Providers (CSP) for any services involving sensitive data.
• Must include strong security measures like data encryption and multi-factor authentication for projects with personal data.

Mobile Technology Integration

• Customized mobile applications aim to facilitate access for employees, dealers, consumers, and vendors.
• Development should adhere to open standards for compatibility with third-party solutions.
• Strong mobile device security must be maintained, utilizing SSL connections for external user access to corporate data.

Description

Test your knowledge on essential network security measures and policies related to LAN and WAN management. This quiz covers the protocols for secure connections, device security, and guidelines for effective network administration. Enhance your understanding of both infrastructure management and device configuration standards.