• IMaRC : International Management and Resource Center
  • IMaRC is a 24x7 service Center
  • It is headquartered in Bangalore
  • IMaRC facilities in Mumbai India, Singapore, Melbourne, Australia and New York USA

The management of the organizations network involves the transmission of network data and handling of management data in the IMaRC. The whole process has to be covered by a comprehensive security framework at various stages of process.

The very first stage could be in the access of the customers network by the IMaRC. The various security risks involved are:

Customer's confidential data might be accessible to the service provider

The connectivity between the service provider and the customer may be insecure. This may allow others to monitor or copy the information passing through the link

If the Service provider's network is vulnerable to attacks, customer's data is not secure

At the IMaRC, there are equally important security issues:

Customer's network could be reachable by other customers. This may provide loopholes for external world to reach the internal network

In catering to various customers, it has to be ensured that one customer's data is not mixed with another customer's data.

Since many networks are connected from the IMaRC, one customer should not be able to find his way to another customer's network through the IMaRC.

There is a possibility that unauthorized user may misuse the access privileges.

To address this issues, the various aspects of the management of the customers network from the IMaRC needs to be secured.

Security is addressed in comprehensive manner in the IMaRC. The various aspects of security that are addressed are:

Physical Security`

Physical security is the first line of defense to secure the IMaRC and therefore the networks, which are managed by the IMaRC. The following illustrates the various steps taken to secure the physical premises of the network-operating center:

Use of Biometrics along with access card for restricted physical access.

The Cable connections from the router/Modem are secured in a Wall-mounted cupboard. Access to the cupboard is restricted.

Close Circuit TV / Surveillance camera monitors IMaRC.

Onsite and off-site back-ups are maintained in a safety locker with restricted access.

Movements of non-IMaRC employees are tracked using sign-in and sign-out register.

Portable storage devices are not allowed inside the IMaRC.

A dedicated fully redundant UPS ensures that there are no power outages.

Logical Security

Logical Security addresses the various components of the IS Infrastructure that are a part of the remote network management. The components of logical security are:

Network Security

The IMaRC delivers the services over the Internet using various modes of communication. There are various options to connect the customer to the IMaRC –

Frame Relay PVC

The Frame Relay PVC is secured in the secured in the following manners:

Data encapsulated at IMaRC/Customer end gets de encapsulated only at the other end

Secure Shell (SSH) Communication is enabled between IMaRC and Customer

Internet VPN (Permanent/dialup link

For Customers whose network is managed through Internet, a secure Virtual Private Network (VPN) will be configured to manage from IMaRC. VPN uses the IPSec protocol, instead of the usual TCP/IP protocol, to provide secure communication.

Apart from the steps specific to the mode of access, the IMaRC has implemented various other measures to keep the network secure from any security breaches:

An integrated Firewall and Intrusion Detection system is used to prevent any malicious access from any external network.

Static routes are carefully configured in the router so that Customers can only reach till IMaRC. Route filters are added to routers to restrict routing table exchange between IMaRC and customers.

Access lists are configured at IMaRC routers to restrict any traffic between two different customers through IMaRC.

Different encryption keys are configured for different customers.

Data Security

To remotely manage networks, only the network data needs to be transferred to the IMaRC. Therefore, the traffic generated from IMaRC is used only for device management. IMaRC does not access data at the customer end.

The passwords of the devices of the remote network are secured from un-authorized usage by the usage of a comprehensive password security policy

Respective permissions and rights are assigned to files and folders. This allows only authorized people to access the data.

Root privilege is never assigned for any of the normal network management activities. It is needed only when the implementation or trouble-shooting has to be done.

FTP and Telnet access from IMaRC for Log Analysis, Corrective measurements etc., are provided based on the requirement (as one time activity).

The Firewall at IMaRC blocks any data traffic to and from IMaRC.

All reports and other information for the customers are posted on the secure web site, which needs authentication. Different user accounts will be created for different customers. Every customer's Information is stored in different folders and rights are given to respective customers for their folders.

Organizational Security

The Security management guidelines for IMaRC are defined in the Security Policy. This policy is based on the most widely accepted standard for information security - BS 7799. The policy establishes security implementation practices for the protection of IMaRC's information assets on network and computing environments.

Compliance with this Standard is mandatory and is subject to audit inspection periodically by certified information security consultants.

The Security policy has guidelines for the various processes in the IMaRC, which aim to keep all the components secure. The security policy addresses the following areas, among others:

Organizational Workflow

Escalation Policy

Access Control

Configuration policies for various components

Back-up and Disaster recovery

Security Management