7/30/2019 BMC MAS e-Gov

http://slidepdf.com/reader/full/bmc-mas-e-gov 1/4

Privacy & Security Policy

Server Security:(Give details about security technique deployed, use of digital signatures, encryption etc. #)

The BMC server landscape follows high standards of security of servers. This is described as below:

1. All ERP and backend servers are kept behinds firewall that is configured to restrict anyunauthorized and malicious access. SAP Web dispatcher is configured to provide single pointof entry having configured with single IP Address, Port and URL for both internet and intranetbased access requests.

2. The web dispatcher is configured in a dematerialized zone (DMZ) which confers to thestandard security mechanism, disallowing any malicious or deformed access to backendservers:

3. The productive server environment follows clustered system approach, having failovermechanism and load balancing; thus making the server infrastructure scalable and high

availability.

Access Security:Follows protection mechanism has been adopted for securing user access to BMC systems:

1. User access to BMC services is maintained through SAP Portal server which serves as asingle point of access to all applications and services that have been deployed throughout theSAP landscape. It authenticates users through basic login mechanism and certificate basedauthentication.

2. Access to SAP backend servers is configured via SAP Portal using Single-Sign-On with aconsistent reference system schema.

7/30/2019 BMC MAS e-Gov

http://slidepdf.com/reader/full/bmc-mas-e-gov 2/4

3. Even the anonymous access to BMC Portal is configured using named user IDs i.e. no webbased request is kept without authentication.

4. All authentication data is stored and shared among servers in encrypted form using DSA 128bits and 256 bit encryption mechanism, making the password cracking futile.

5. No user is allowed to have direct access to backend services; except authorized BMCprofessionals and consulting team, which accesses it either through intranet or securedinternet channel. All users access backend systems through mapped reference system andcommunication user that restricts any unmapped user ID to have access to backend ERP

This is useful in cases where frontend authentication has been compromised via various bruteforce attack methods using malicious user login but still the back applications cannot beaccessed until the authenticated user ID is not properly mapped and assigned to referencesystem and communication user by some administrator. 

6. Password locking and expiry mechanism is used to protect password guessing andunauthorized access by malicious users and systems. 

Content Security:The content exposed through SAP Portal that is accessed through aforementioned DMZ channeland authenticated using aforementioned mechanisms, is secured using below methods:

1. The users are configured in various groups like anonymous users, BMC user groups (wardusers group, accounts group, call center users group, department based group) andadministrative user groups and content access is assigned to these groups using variousroles. Hence, no user is having direct assignment to Portal content. This restricts the users todirectly access content without navigating through Portal access structure and hence,disallows malicious URL rewriting.

2. All content is displayed within Portal content framework which does not overwrites the topURL with application links and not disclosing underlying request-response cycle, hencemaking access to direct application links unassailable.

3. The URL to application iView is formed using encrypted short URLS which does not disclosethe actual application details and parameters in Productive environment for e.g. in the URL

http://www.bmconline.gov.in/irj/portal?NavigationTarget=navurl://369881d42bdddde6093b379fae492262  the navigation target value represents an SAP application and is encrypted andregenerated each time by the Portal server; hence masking the actual content that is targetedusing the URL and it’s parameters. 

4. All content iViews are marked as monitored and hence, each access to Portal content viaiViews is registered.

5. Each visitors details, like IP address, date-time and content accessed is registered hencemaking backtracking for malicious access easier.

E-Inclusion

(Give details about impact on number of trips required, availability of local language interface, andonline submission of forms, and accessibility for disabled people, length and breadth of servicesmade available online etc.)

1. MAS Portal covers all the services that are currently being governed and addressed by BMCe.g. Property, Water, Birth and Death, Marriage, Commercial Licenses, Building Permission,Grievance, Ration Card, Court Cases etc.; allowing users to submit applications, checkstatus, pay fee and taxes and print receipts. This also provides single access point to BMCofficial users also to check and approve applications, receive payments and deliver servicesand certificates. 

7/30/2019 BMC MAS e-Gov

http://slidepdf.com/reader/full/bmc-mas-e-gov 3/4

2. It also includes revenue based services like tax collections, license fee and usage chargeswhich are designed to work in dual mode: offline and online.

3. Offline mode confers to payment through various BMC payment counters and online moderefers to payment through secure online payment gateway using debit/ credit cards and netbanking; both are them are accessible using single MAS interface. 

4. MAS Portal requires single login to access all services that have been deployed throughoutthe landscape and serves as a single point of access to all applications and services. 

5. Heavily used services like payment receipts, online payments, certificates and licensesprinting and Grievance are provided as quick links on the Homepage itself to increaseusability and easy navigation. 

6. The SAP landscape is maintained as a Unicode system, hence it supports content in multiplelanguages and standard content language is English and Hindi whereas Hindi font ismaintained using official Mangal Unicode version.

7. Information related to various latest BMC activities, ongoing & existing reforms, upcoming andexisting BMC services, organizational addressability matrix and PDF forms for offlinesubmission are available on Homepage itself to increase usability and easy navigation. 

8. Direct URL redirection is used for citizen oriented services such that entering BMC public URL(www.bmconline.gov.in) directly takes users to MAS Homepage with no further clicksrequired. 

9. MAS Portal uses optimized theme and rendering techniques that allows uniform renderingand display of Portal pages on multiple browsers across platforms including mobile platforms.  

10. Provisions are made for high contrast CSS theme for visually challenged visitors that requirecontent to be displayed in high resolution and contrast instead of standard contrast. This hasbeen configured through Personalization link which is available on request.  

11. A universal help link is configured on top right corner of MAS Portal Masthead to providedocumented help about various services, their usage and flows with details and screenshots.  

Sustainability(Give details about sustainability w.r.t. technology (technology use, user privacy, security of

information shared-Digital Signature/Encryption etc. #), Organization (hiring trained staff, trainingetc. #), financial (Scope for revenue generation etc. #)

1. The SAP System landscape consists of clustered technology usage for productiveenvironment, allowing Symmetrical Multi-Processor (SMP).

2. This caters to high availability and scalability of operations through usage of small number of application hosts, known as cluster nodes, allowing failover mechanism and load balancing.

3. It also allows physical or virtual shared disk systems with Concurrent and Non-ConcurrentDisk Access handled by distributed lock management system, tightly integrated in theoperating system of SAP hosts.

4. The SAP Web dispatcher serves as a reverse proxy, a message server and load balancer for all inbound requests, thus allowing single point of usage maintenance and allowed dataheaders passed through various HTTP requests.

5. The connector objects for the backend systems use pooling and switch over mechanism witha defined idle time threshold, allowing more concurrent user access with optimal usage of physical channel bandwidth in an efficient manner.

6. All user authentication data is stored and communicated via servers using DSA 128 bitencryption behind firewalls, hence provide top-level user data security and privacy.

7/30/2019 BMC MAS e-Gov

http://slidepdf.com/reader/full/bmc-mas-e-gov 4/4

7. Clear segregation of users in groups for accessing data and services allows unambiguousrole based access.

8. The BMC staff has been trained by the consulting team for all aspects of citizen orientedservices using the MAS system so that they can cater the real time users in effective andefficient manner.

9.  A universal help link is configured on top right corner of MAS Portal Masthead to providedocumented help about various services, their usage and flows with details and screenshots.  

10. The revenue based services like tax collections, license fee and usage charges are designedto work in dual mode: offline and online; with both modes collection having separatedmonitoring and reporting.

11. The online revenue collection services use 128 bit DSA encrypted secure channel paymentthrough an online payment gateway with well-defined payment tracking and reconciliationmechanisms using various on-demand and eventual reports.