Network Setups and Application developments at RRCAT

  1. Collaborative Messaging Setup Using FOSS

    A new electronic mailing / messaging cluster setup is commissioned for in-house usage by ~2000 engineers/scientists/scholars/administrative staff posted at RRCAT, Indore. The new setup has many new features and also provides enhanced user email data storage space. The setup integrates redundant hardware / software components for reliable and efficient performance.

    This setup has been commissioned using 08 high-end servers (each server has 02 x 08 core Xeon E5-2650 v3 2.4 GHz processors, 64/128 GB RAM, 02 x 10 Gbps Ethernet interfaces, 08 x 600 GB 10K RPM SAS hard disks), 02 Redundant Array of Inexpensive Disks (RAID) arrays (each with 10 TB aggregated capacity, achieved using RAID 6 configured using 23 x 600 GB 15K RPM 12 Gbps SAS hard disks and connected with a Fiber Channel (FC) interface of 16 Gbps bandwidth), 02 16-port 16 Gbps FC Storage Area Network (SAN) switches and 02 16-port 10 Gbps Ethernet switches.

    All 08 servers are loaded with the FreeBSD (ver 11.0) operating system and provisioned with storage partitions formatted using the EXT4 file system. For redundancy and enhanced performance, two servers are configured as SMTP/IMAP servers, two as webmail servers, two as spam filter servers and the remaining two as SMTP authentication servers. All these servers are interconnected using a 10 Gbps Ethernet network switch. Storage arrays are connected to the servers using 16 Gbps Fiber Channel (FC).

    The free open source software Postfix (ver. 2.6.6) has been configured as the MTA (Mail Transfer Agent) and MDA (Mail Delivery Agent). Webmail / HTTP (Hyper Text Transfer Protocol) access is provided using the Apache (ver. 2.4.27) web server and Roundcube (ver. 1.3.0), which is a popular, free and open source webmail software. IMAP (Internet Message Access Protocol) / POP (Post Office Protocol) access is provided using the Dovecot (ver. 2.2.31) server. A Maildir based message storing scheme has been implemented for fast access of mailboxes. MySQL (ver. 5.6.37) has been configured for storing user profiles and address books. The Sieve language has been used for email filtering and processing. Spam filtering has been achieved using amavisd-new (ver. 2.11.0), SpamAssassin (ver. 3.4.1) and ClamAV (ver. 0.99.2). For email access over the internet, an additional paper based OTP (One Time Password) scheme has been implemented for Two Factor Authentication (TFA), and Roundcube has been customized to use the paper based OTP by rewriting the code.

  2. Paper Based 2FA Setup for Secure Access of Online Applications over Internet

    A paper based 2FA setup for secure access of online applications over the Internet has been designed, developed and deployed in the Internet DeMilitarized Zone (DMZ). Secure hypertext transfer protocol, Two Factor Authentication (2FA) and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) techniques have been used for enhancing security of the online applications requiring authentication. A conventional login name and password have been used as the first factor of authentication. A One Time Password (OTP), prefixed with a code, has been used as the second factor of authentication. The setup has been integrated in webmail for secure access of RRCAT email services over the Internet. Prior registration of the user is required for successful login. The user registration can be done from within the RRCAT campus only. The required number of OTPs, along with an OTP prefix code (to be memorized), can be generated by using the registration page.

  3. Multilayered Firewall and Router Setup

    External (internet) connectivity to RRCATNet has been provided using three internet leased links. These links are connected to RRCATNet using routers. We have successfully replaced commercial routers by open source operating system based routers. These routers and load balancers have provided finer control and much improved perimeter level security for RRCATNet.

  4. Wi-Fi Management System

    A centrally controlled Wi-Fi zone at RRCAT has been designed and deployed using open source software and integrated with in-house developed software modules to provide seamless and fast access to guests visiting RRCAT. The Guest House at RRCAT, which is spread horizontally and vertically, requires a different layout of access points at various locations to cover the complete area with seamless roaming access. The complete setup has been designed and developed over virtual machines. To improve connectivity of the backbone OFC from the BSNL MUX, it is connected in ring topology. The wireless network is isolated from the RRCAT Network and has been implemented using a separate leased line of 34 (1:4) Mbps bandwidth. The access mechanism for the RRCAT wireless network has been designed in such a way that the presence of technical assistance personnel is not required at any time. Access to the Wi-Fi network is based on a time controlled password activation mechanism, which is simple to use but highly traceable and secure.

  5. Customized SIEM and Network Traffic profiling Setup

    To monitor Internet and Intranet DMZ traffic for network security threats, a customized SIEM and network traffic profiling setup has been designed and developed. The setup has been designed using 4 components: 1) OSSIM, the Open source Security Information and Event Management system; 2) nfsen, a GUI tool used to display netflow data processed by the nfdump tool; 3) Squirt, which provides IDS alerts; 4) RRCATSIEM, which contains custom developed scripts: a) scripts to generate a monitoring console which shows traffic details, including Intranet side IPs performing top uploads and top downloads, and Internet IPs accessing http, https, SMTP, dns and vpn ports from outside; b) intrusion prevention scripts to block malicious IPs identified by the system. All components have been integrated and scripts have been developed to give access to consolidated data through a single window.

  6. Software for detection and blocking of malware infected PCs on RRCATNet

    Software has been developed and deployed for detecting and blocking PCs generating unwarranted internet traffic on RRCATNet. Malware infected PCs have been found to access proxy servers quite often and generate a lot of logs, thereby reducing server performance by engaging the server processor in I/O wait states. The developed software continuously monitors the proxy server log files for PCs generating excessive “TCP_DENIED” logs and blocks them. The software automatically and temporarily blocks the malware infected PC from accessing the proxy server by changing the routing table of the server. This reduces the load on proxy servers. The list of all such blocked systems is displayed on a web page, accessible to the proxy administrator. The software also provides blocked users the option to unblock their PC, using a browser. The user is expected to ensure that the malware responsible for the blocking of the PC has been removed. To help users find the malware application on their PC, necessary help and free software are also provided at the URL accessible using the link “Internet Access Status” on RRCATInfonet. The software also gives the administrator an option for removing blocked PCs from the block list, either individually or in groups. With the deployment of this software, the size of proxy server log files has been reduced by a factor of 10 and there has been a remarkable improvement in the performance of the proxy servers.
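
The detection step described above, as an added Python example that is not RRCAT's software: it scans Squid native-format access log lines and returns the clients whose TCP_DENIED count crosses a limit inside a sliding window, with a block expiry time. The threshold, window length, block duration and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Squid native access.log layout: time elapsed client result/status bytes method URL ...
LINE_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+([A-Z_]+)/(\d{3})\s")

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
1500000000.100     12 192.0.2.10 TCP_DENIED/403 3900 CONNECT blocked.example:443 - HIER_NONE/- text/html
1500000001.200    310 192.0.2.20 TCP_MISS/200 18211 GET http://intranet.example/ - HIER_DIRECT/198.51.100.7 text/html
1500000002.300     11 192.0.2.10 TCP_DENIED/403 3900 CONNECT blocked.example:443 - HIER_NONE/- text/html
1500000003.400     10 192.0.2.10 TCP_DENIED/403 3900 GET http://blocked.example/a - HIER_NONE/- text/html
truncated line without enough fields
1500000004.500      9 192.0.2.30 TCP_DENIED/403 3900 GET http://blocked.example/b - HIER_NONE/- text/html
1500000005.600     10 192.0.2.10 TCP_DENIED/403 3900 GET http://blocked.example/c - HIER_NONE/- text/html
1500000400.000     10 192.0.2.30 TCP_DENIED/403 3900 GET http://blocked.example/d - HIER_NONE/- text/html
"""


def find_noisy_clients(lines, threshold=4, window=60.0, block_for=900.0):
    """Return ({client_ip: block_expiry_ts}, skipped_line_count).

    threshold, window and block_for are assumed values; the page does not
    state the limits used in the deployed software.
    """
    recent = defaultdict(deque)  # client -> timestamps of denials still inside the window
    blocked = {}                 # client -> time at which the temporary block ends
    skipped = 0
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            skipped += 1         # malformed or truncated line: count it, do not crash
            continue
        ts, client, result = float(match.group(1)), match.group(2), match.group(3)
        if result != "TCP_DENIED":
            continue
        if blocked.get(client, 0.0) > ts:
            continue             # already blocked at this point in the log
        stamps = recent[client]
        stamps.append(ts)
        while stamps and ts - stamps[0] > window:
            stamps.popleft()     # drop denials that fell out of the sliding window
        if len(stamps) >= threshold:
            blocked[client] = ts + block_for
            stamps.clear()
    return blocked, skipped


if __name__ == "__main__":
    decisions, bad = find_noisy_clients(SAMPLE_LOG.splitlines())
    for ip, expiry in decisions.items():
        print(f"block {ip} until {expiry:.0f}")
    print(f"{bad} unparsable line(s) skipped")
```

The expiry time models the temporary nature of the block; a client with only occasional denials spread over time (192.0.2.30 in the sample) is not flagged.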

  7. Software for generating notifications on over usage of Internet bandwidth

    Software for generating and sending automated email intimation to Internet users exceeding the 5GB (per week) limit has been developed and deployed. In order to optimize Internet bandwidth usage, the developed software analyzes proxy access log reports and identifies users exceeding the weekly usage limit of 5GB. It generates emails with logs of Internet usage attached and intimates such users and their Head of Division/Independent Sections (HoD/IS) of RRCAT.

  8. Network Node Life Cycle Management System

    The Network Node Life Cycle Management System is designed, developed and deployed on RRCATNet to record and manage information related to various network activities performed on the network nodes attached to RRCATNet. Information related to every network node’s physical location, connectivity status at different times, and details of Internet accesses and email transactions performed from a node throughout its entire life cycle is managed in this system. This helps in performing forensic analysis of network nodes. The system uses connection logs stored in the Network Access Control (NAC) server, Dynamic Host Configuration Protocol (DHCP) server logs, mail server logs and proxy server logs stored in various servers, converts the flat log files into a database and provides intuitive interfaces for performing correlational analysis and report generation. The system is developed using PHP and JavaScript, and MySQL is used as the backend data store. The system has five major modules – a) Log file parser module – In this module, parsers have been developed to process huge log files, extract meaningful data and store it in the database for faster analysis. b) Data updating module – This module is developed to update the log database automatically on a daily basis. c) Comprehensive report generation module – In this module, a user friendly web based application is developed to provide single point access to multiple server logs stored in database format. This module has options for generating reports related to Internet accesses, email transactions and network connections made by nodes on the network. Query preprocessing and optimization has been done for faster data retrieval. d) Analysis module – This module is developed for analysis purposes. It generates pie charts illustrating the top 10 frequently accessed websites and regular mail senders/receivers (overall as well as for a specific time duration) on RRCATNet.

  9. Email Account Life Cycle Management System

    The design, development and deployment of the Email Account Life Cycle Management System (EALMS) was completed. The system allows the email administrator i) to automate the entire process of email account life cycle management, from creation to deletion, and ii) to enforce email account management policies. The system has been developed to create email accounts in three steps, namely Request, Approval and Creation. Every step can only be performed after proper authorization. The “Request Module” allows the necessary email account request details to be entered. This is primarily meant for initial level data entry. The “Approve Module” allows the email account moderator to approve the request generated using the “Request Module”, after examining details of the ‘to be created account’. The module has provisions to change the group and account validity parameters. The “Create Module” allows the email account administrators to create the approved account. The account creation form is auto filled with the approved data. The “Delete Module” allows archiving of the directory of the “to be deleted account” before actual deletion. The status, validity and password expiration time values are changed automatically to mark the account as ‘deleted’. The “Reporting Module” allows generation of reports in Portable Document Format (PDF), based on various search filters.

  10. User and Device Tracking in Private Networks by Correlating Logs: A System for Responsive Forensic Analysis

    The IP address of a device from which an offending activity was performed is of limited value, because it does not specify a physical device/user, but an endpoint in the network. It is useful to have information about where a device/user was at the time the offending activity was performed. It would be desirable to correlate different pieces of evidence to discover information such as the IP addresses used by the same device, the physical address and location of the device, the connection time of the device, and the browsing habits and mail access transactions carried out by the user using the device. Log data from various sources need to be correlated to create contexts of information which are not visible from one source alone. In large networks, users/devices accessing a private network repeatedly can be tracked by analyzing and correlating DHCP, Network Access Control, WWW and email server logs. With a huge amount of logs, the common approach of manually browsing and correlating log events based on timelines is tedious and unresponsive. A flat file based sequential search system is not responsive, hence RDBMS based tracking systems are desirable. Building a responsive system requires identifying and consolidating log files, and their conversion, transmission and storage into relational databases. An automated system has been developed at our organization for forensic analysis of network accesses, with device and user tracking as its goal. We present our approach to log management and correlation, which assists in performing responsive forensic analysis of a real network with more than 2500 nodes, aimed at tracking users/devices.
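
The correlation argued for above, as an added Python example that is not the RRCAT system's code: it uses SQLite in place of the system's own database, and the table names, column names and all rows are constructed assumptions. It resolves an (IP, time) pair to the device that held the DHCP lease and to that device's NAC location at that moment, and lists every IP a device has used.

```python
import sqlite3

# Constructed rows: the same IP is leased to two different devices over time.
LEASES = [("192.0.2.50", "02:00:00:00:00:aa", 1000, 2000),
          ("192.0.2.50", "02:00:00:00:00:bb", 2000, 3000),
          ("192.0.2.51", "02:00:00:00:00:aa", 2000, 3000)]
NAC = [("02:00:00:00:00:aa", "Building A / port 12", 900, 1900),
       ("02:00:00:00:00:bb", "Guest House / port 3", 2000, 3000),
       ("02:00:00:00:00:aa", "Building C / port 7", 2000, 3000)]


def build_db():
    """Load the constructed DHCP and NAC records into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE dhcp_lease (ip TEXT, mac TEXT, start_ts INTEGER, end_ts INTEGER);
        CREATE TABLE nac_conn (mac TEXT, location TEXT, start_ts INTEGER, end_ts INTEGER);
        CREATE INDEX idx_lease ON dhcp_lease (ip, start_ts);
        CREATE INDEX idx_nac ON nac_conn (mac, start_ts);
    """)
    db.executemany("INSERT INTO dhcp_lease VALUES (?, ?, ?, ?)", LEASES)
    db.executemany("INSERT INTO nac_conn VALUES (?, ?, ?, ?)", NAC)
    return db


def who_was(db, ip, ts):
    """Return (mac, location) for the device holding `ip` at time `ts`.

    location is None when no NAC session covers `ts`; the result is None
    when no lease covers `ts` at all.
    """
    return db.execute("""
        SELECT l.mac, n.location
        FROM dhcp_lease AS l
        LEFT JOIN nac_conn AS n
          ON n.mac = l.mac AND n.start_ts <= :ts AND :ts < n.end_ts
        WHERE l.ip = :ip AND l.start_ts <= :ts AND :ts < l.end_ts
    """, {"ip": ip, "ts": ts}).fetchone()


def ips_used_by(db, mac):
    """Return every IP the device has held, in order of lease start."""
    rows = db.execute(
        "SELECT ip FROM dhcp_lease WHERE mac = ? ORDER BY start_ts", (mac,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    for when in (1500, 2500):
        print(when, who_was(db, "192.0.2.50", when))
    print(ips_used_by(db, "02:00:00:00:00:aa"))
```

The half-open interval test (`start_ts <= ts < end_ts`) keeps a timestamp that falls exactly on a lease handover from matching both devices.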

  11. Web Server Security Analyzer

    Threats and vulnerabilities are responsible for creating challenges in the security of information. Web server environments and the underlying Operating System (OS) hosting them rely on configuration settings that influence their security, usability, and performance. Misconfiguration results in severe security vulnerabilities. Security misconfiguration is among the top ten threats identified in 2013 by OWASP (Open Web Application Security Project). Among the different classes of security analysis tools and techniques, generic web server security analysers are limited in identifying configuration vulnerabilities at the application server as well as the OS level. In this paper, we give a novel approach to do the following: (i) our approach effectively combines configuration scanning of the application server and OS to provide a secure web hosting environment; (ii) it performs comprehensive analysis to pinpoint configuration vulnerabilities; (iii) it quantifies the degree of severity based on standard metrics; and (iv) it provides remediation information for the vulnerabilities found, to establish compliance. Our approach results in a web-based tool to supplement defence against security misconfiguration vulnerabilities in the web application server environment from its planning to deployment. Our tool, Web Server Security Analyser (WSSA), automatically audits security configuration settings of web application server development and deployment environments according to matrices of standard benchmark. Using WSSA, we are able to evaluate approximately 500 configuration directives of server packages like Apache, PHP and ModSecurity, including the Linux OS platform. Our evaluation reveals that the tool is able to audit current security configuration settings and alert users to fix the server environment to achieve the level of safety of security configuration with respect to recommended configurations for real-life web application deployment. WSSA is an effective tool for performing misconfiguration analysis for early detection of misconfigurations which are prone to threats and vulnerabilities that could result in information disclosure, denial-of-service, and session hijacking attacks on the web server.

  12. Data Center Overheating Management System

    Data centre equipment is very sensitive and susceptible to environmental damage from excessive heat. Power outages that knock out cooling systems can lead to overheated servers in a matter of minutes. It is therefore mandatory to monitor the ambient temperature of the data centre or server room continuously on a 24x7 basis and take necessary action (like shutting down the server) if the temperature exceeds the threshold limit. Manual 24x7 monitoring requires additional manpower. Moreover, monitoring all equipment of a data centre or server room manually is not an efficient approach. The system provides an effective and cost efficient mechanism to automate this process using open source software and tools. Commercial Off The Shelf (COTS) systems and Simple Network Management Protocol (SNMP) have been used to make the system vendor independent and cost effective. A comprehensive automated temperature monitoring and notification strategy for the equipment of the data centre or server room has been developed. A mechanism to perform automatic shutdown of the servers when some event occurs or a value changes, such as the ambient temperature exceeding the shutdown threshold, has also been implemented. The DCOMS is released and deployed on the RRCAT network and is in regular use. Open source and free software and tools were used for developing DCOMS to make it cost effective. The system is modular and can be further enhanced to support other network maintenance support events.

  13. Web Intrusion Detection System

    A Message Digest (MD5) checksum based Intrusion Detection and Prevention System is designed and developed for strengthening the security of the RRCAT official website. It works on the concept of checksum calculation for the entire set of static pages of the website. Whenever website contents are modified by authorized persons, the changed checksum is calculated and stored. This stored checksum is compared with the checksum calculated on the fly by a background process, executing on a different server. This system plays a key role in ensuring the integrity of the website, which can be compromised by any unauthorized modification. If the integrity of the website is compromised, WIDS automatically blocks the website and sends an unauthorized modification alert to the system administrators in the form of voice and email alerts. WIDS has provisions for performing authorized website updates. WIDS is successfully deployed on three web servers placed in the Internet De Militarized Zone (DMZ) of RRCATNet.
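
The checksum comparison described above, as an added Python example that is not the WIDS code: it records a per-file digest baseline for a directory of static pages and reports files that were modified, removed or added since the baseline. The file names and contents are constructed; MD5 is used because it is what the page names, and the `algo` parameter (an assumption of this example) lets a stronger hash such as `sha256` be substituted.

```python
import hashlib
import os
import tempfile


def build_baseline(root, algo="md5"):
    """Map each file path (relative to root) to the hex digest of its content."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.new(algo)
            with open(full, "rb") as fh:
                # Hash in chunks so large files are not read into memory at once.
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[os.path.relpath(full, root)] = digest.hexdigest()
    return baseline


def compare(stored, current):
    """Diff the stored baseline against freshly computed digests."""
    return {
        "modified": sorted(p for p in stored if p in current and stored[p] != current[p]),
        "removed": sorted(p for p in stored if p not in current),
        "added": sorted(p for p in current if p not in stored),
    }


def demo():
    """Baseline a constructed site, change it, and return the differences found."""
    with tempfile.TemporaryDirectory() as root:
        pages = {"index.html": b"<h1>Home</h1>",
                 "about.html": b"<h1>About</h1>",
                 os.path.join("css", "site.css"): b"h1 { color: navy }"}
        for rel, body in pages.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        stored = build_baseline(root)  # taken after an authorized update

        # Constructed changes made without refreshing the baseline.
        with open(os.path.join(root, "index.html"), "ab") as fh:
            fh.write(b"<!-- changed -->")
        os.remove(os.path.join(root, "about.html"))
        with open(os.path.join(root, "extra.html"), "wb") as fh:
            fh.write(b"<p>new</p>")

        return compare(stored, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Comparing path sets as well as digests matters: a file added to the web root leaves every stored checksum unchanged and would be missed by a digest-only comparison.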

  14. Secure Setup for Remote Access/Control of Scientific Instruments over Internet

    Every Research & Development (R&D) organization uses a large number of scientific instruments for performing various tests and experiments. In RRCAT also, such instruments are widely used in the INDUS-1 and 2, which are national level facilities. Expertise required to manage and maintain these cutting edge technology based instruments, is not common. Sometimes, the expert help is available only from some remote location on the other side of the globe. All these instruments, use TCP/IP mode of connectivity for networking, which can be utilized for providing remote access / control of the instrument over internet. Challenges are faced by organizations in providing remote access / control of these instruments, securely over the internet. Commercially available solutions for providing such a remote access / control have the advantage of convenience of configurations - in setting up and using - but face threat of data leakage due to usage of intermediate third party servers. The same ease of convenience and security can be achieved by using a gamut of Free Open Source Software (FOSS) tools. Application wrappers are required to be built on top of them, for making the entire solution convenient from both system administration and user’s point of view. The development of a secure infrastructure for providing remote access / control of scientific instruments has been done using FOSS tools. The solution has been designed, developed and deployed at RRCAT, Indore and is in regular use. The results are encouraging with about 50 sessions conducted using this infrastructure & no security incidents were reported.

  15. Centralized syslog and Open Source SECurity (OSSEC) log collection and analysis setup

    For consolidating logs, generated in internet DMZ servers and perimeter level routers, required for correlational analysis, a centralized syslog and OSSEC log collection cum analysis server has been commissioned on RRCATNet. Internet DMZ and perimeter routers related logs are sent to a syslog server which in turn transfers them to OSSEC server. Similarly proxy, authentication, firewall and mail servers send logs to OSSEC server. The OSSEC server raises an alert to the system administrator in the form of emails in case of any threat detected by parsing logs. The system generates automated alarms on occurrence of unusual log events. Open Source Software, Log Analyser, is installed on syslog server for graphical display of all the logs collected from different servers and routers.

  16. Password change reminder application

    RRCAT has an email password policy. As per the policy, users are required to change the password of their single sign-on id (to access email, Internet, RRCATInfonet services) at least once in six months. If users do not change the password for six months, it will expire at the end of six months after the last change. Users can change their password by using the option available on the email login page. To help the user remember the requirement to change the password, the first reminder mail will be sent one month prior to the date of password expiry. Second and third reminders will be sent fifteen days and one day prior to the date of expiry of the password. If the user still fails to change the password, access to email and other services will be blocked, but the user can still change the password by using the change password option. The above procedure is fully implemented as an automated system.

  17. Commissioning of high performance and high availability Internet squid proxy server setup

    A new high performance Internet Squid proxy server setup is configured in high availability cluster mode with two servers (each with 2 no. of 64 bit, 2.8 GHz hex core Xeon processors, 32 GB RAM and aggregated 8 Gbps network connectivity). Each server is loaded with the CentOS operating system and runs four Squid processes, to maximize the utilization of hardware resources. Both the proxy servers are configured with the latest stable version of Squid, the freeware open-source proxy application software. Each server is configured with 1.2 TB of hard disk, formatted with the Reiser file system for caching purposes. Server end virus filtering capabilities are integrated in the setup with the help of ICAP and SquidClamav as the interface to the popular open-source and freeware ClamAV antivirus software. The ClamAV virus database is updated on a daily basis. Content filtering is achieved using SquidGuard. The blocking list has been updated as per the RRCAT content access policy. The server has also been configured to block TOR (anonymity network) proxy access, TeamViewer access and access to known malware infected websites, based on the IP (Internet Protocol) reputation list. The CSF (ConfigServer Security and Firewall) firewall has been configured to enhance security of the proxy server setup. The proxy access logging setup has been reconfigured to work with the new set of servers. The entire setup has been created using freeware open-source software tools.

  18. Proactive Network Administration using Voice & Email alerts

    This system is designed, developed and deployed for performing proactive administration of RRCATNet. This application generates voice and email alerts in case of unauthorized modifications to the RRCAT website, change of status of network switches, the temperature of switches crossing a defined threshold and change in status of Internet links attached to RRCATNet. An open source based Asterisk server is configured for generating voice call alerts. The major benefit of this system is that the network administrator gets immediate alerts about changes in the status of various devices and services, which substantially reduces the response time for attending to and rectifying a problem. Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP), along with the PHP and BASH scripting languages, have been used in the development of the system.
