It is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.Two major aspects of information security are:IT securityInformation assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost.One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arise.
The policy is applicable to A. Locations, Business Functions and People(all employees, service providers ,partners, contractors etc. using ONGC’s Information resources)B.Information Assetsall documents in electronic form- e-mail, reports, database etc.All paper documents such as Designs, Manuals, Drawings and Contracts etc.All Hardware, Software , Utility and Media AssetsAll Information Processing and Communication Facilities such as Data Centers, Scada Centers, server Rooms and Control Rooms, Communication Centers.People (Employees, Temp Staff, Contractual Personnel)All information related to intellectual property such as Patents, trademarks, copyrights etcONGC’s Reputation (Brand Value)
Communication & information security final
BROADBAND WIRELESS ACCESS
BASICS OF SIGNALLING
Switch or Exchange
On lifting telephone (off hook ) current flows from Switch or Exchange to the
telephone and back. This is called as a “Loop extension”.
Mainly uses two types of dialing -- Pulse Dialing and Tone Dialing
VARIOUS TONES AND SIGNALLING TYPES
Technology used in Signaling - Most of the Conventional Telephone
Exchanges uses SS7 signaling protocol for signaling purpose. Signaling System
No. 7 (SS7) is a set of telephony signaling protocols which are used to set up
most of the world's public switched telephone network (PSTN) telephone calls.
SS7 signaling uses Common Channel Signaling (CCS) in which the path and facility
used by the signaling is separate and distinct from the telecommunications
channels that will ultimately carry the telephone conversation. With CCS, it
becomes possible to exchange signaling without first seizing a facility, leading to
significant savings and performance increases in both signaling and facility usage
SETUP IN ONGC
Copper, fiber, Radio(Media)
Fiber, Radio, Sattelite (Media)
Fiber, Radio,V-sat, Sattelite (Media)
BWA network uses Wimax Technology
Wimax (Worldwide Interoperability of Microwave Access ) refers to
interoperable implementations of the IEEE 802.16 family of wirelessnetworks standards ratified by the WiMAX Forum.
WiMAX can provide two forms of wireless service:
Non-line-of-sight service is a WiFi sort of service. Here a small antenna on
your computer connects to the WiMAX tower. In this mode, WiMAX uses a
lower frequency range (similar to WiFi).
Line-of-sight service, where a fixed dish antenna points straight at the
WiMAX tower from a rooftop or pole. The line-of-sight connection is
stronger and more stable, so it's able to send a lot of data with fewer errors.
Line-of-sight transmissions use higher frequencies, with ranges reaching a
possible 66 GHz.
Up to 54 Mbps
Up to 300 ft 5 to 6 Ghz
Up to 11 Mbps
Up to 300 ft 2.4 Ghz
Up to 54 Mbps
Up to 300 ft 3.5 Ghz
Up to 75 Mbps 3-5 miles
< 11 GHz
Up to 15 Mbps 3-5 miles
< 6 GHz
TYPICAL BWA NETWORK
W/O Rig- Beyond WImax Coverage
W/O Rig -WIMAX
Media gateway &
•Satellite Communication operates in Microwave frequency Band and
Can be considered as a Repeater placed in Space.
•It consist of ground-based or Earth stations (i.e. parabolic antennas)
and orbiting transponders which receives signal from the ground unit
(uplink) amplifies it and then transmits it back to earth (downlink).
• Large coverage area across terrestrial boundaries, cost is independent
of the distance.
Signal processing equipment
Multiplexing /demultiplexing equipment
Equipment for connection with the terrestrial network
GENERAL OPERATIONAL DIAGRAM OF SES
EVOLUTION OF SATCOM IN ONGC
In 1982-83, two Satellite Earth Stations at Uran and BHN (offshore) were
established under „Titan‟ project in Mumbai. Subsequently three more SES at
Hazira, BPA and Heera were setup during mid/late 80‟s.
During early 90’s 5 more SES were installed at DDN, BDA, NZR, AGT, JDR and RJY.
Two SES of DOT at KOL, Chennai and NTPC Delhi Were used.
During 2000, VSAT based SATCOM network was established to cover 21
locations for providing voice and data circuits.
MFTDMA – C-band VSAT:
During 2008-09, MFTDMA based SATCOM network was established to cover the
field installations like Production Installations, Geophysical Field Parties, and
INTRODUCTION TO VSAT
A class of Very Small Aperture Terminal,
Intelligent satellite earth station,
Suitable for easy on-premise installation,
Capable of supporting a wide range of two-way, integrated
telecommunication and information services.
consisting of hub, a relatively large central station and many VSAT
(remote) earth stations
network with star/ mesh topology
Data rate - low to medium bit rate (<= 2 Mbytes/sec)
Ku (14/11-12 GHz) and C (6/4 GHz) operation
MFTDMA BASED C-BAND VSAT
The project was based on MF-TDMA technology, covers 183 Satcom locations &
25 radio links spread across the country. Under the project the following
installations have been provided with Satcom links.
Production installations at various Assets (3.8m/ 2.4m)
Geophysical Field Parties (2.4m)
On-shore Drilling Rigs (2.4m)
Augmentation of 8 off-shore Drilling Rigs
• Based on IP technology, capable of handling fast data rates and provide a
highly reliable and bandwidth efficient solutions for Voice & Data
• Providing communication links between the field locations and their
respective Assets/Basins for Enterprise Wide on-line SCADA to facilitate
analysis of valuable well / Process data and Drilling data available in the
• To ensure access to various corporate wide I.T. applications like SAP,
Intranet/internet, e-mail from these field installations.
The objectives of ONGC is production of Oil and Natural gas. So ONGC
basically deals with production aspect of the business. So, IT plays major role
in supporting the company. All organisation need to be supported by network
and communication so that the data can be transferred efficiently from and
location to other.
Some of the fields of IT are• Information sharing and faster access of data.
• Bulk storage of data.
• Secured and reliable storage of information.
• Major role in ERP
Integrated LAN & WAN infrastructure is available at all Regions, Projects, sites,
institutes, offices comprising of-
Campus wide LAN network using layer-2 switches & using backbones as UTP &
OFC in all the work centers.
All work centers are connected to Corporate Head Quarters over WAN (layer-3)
using ICNET/leased Lines & Ku Band VSATs.
Managed or Un-Managed Hubs
ISDN (BRI) based WAN channels.
Leased Line modems etc.
• The data centre at Scope Minar hosts various critical applications/ services
such as Mail, ONGC reports portal, tenders web site, ONGC India website,
Internet gateway, Antivirus, URL filtering. Besides the above, servers for
NOC and SCADA are also hosted in Scope Minar Data centre.
• IT Infrastructure Maintenance and Management services (IT-IMMS)
comprising of Maintenance Support Services (MSS) and Facility
Management Services (FMS) for its existing and upcoming IT
• The IT Infrastructure Maintenance and Management services (IT-IMMS)
contract shall be a rate contract to be operated by In-charges of
INFOCOM at various work centres to provide MSS & FMS support to IT
• Network & Information Security- The contractor will have to follow the
prevailing ONGC IS policy and guidelines & methodology of industry
standard ISO 27000
Maintenance Support Services (MSS)
This involves comprehensive maintenance and repair of all IT hardware
covered under the contract including replacement of parts, modules, submodules, assemblies, sub-assemblies, spares etc. to make the system
operational. This will include all kinds of breakdown and preventive
maintenance. The breakdown could be for any reason, whatsoever.
Facility Management Services (FMS)
This comprises Network management services, Periodic Network audit,
Server Management services, Back-up services, Desktop management
services, Active Directory, e-mail services, Antivirus management services,
Internet access gateway management including firewalls, IPS, web content/
URL filtering (Employee Internet Management services), proxy servers/
services, Information security services, Asset management services, Vendor
management services, Help Desk services and creation of resource bank. It
does not include ERP Data & E&P Servers
• Service Desk – centralised software CA Service desk installed at Network
Operation Centre (NOC), SCOPE Minar, Delhi that is used for call logging,
monitoring and resolution.
• ONGC has deployed CA IT Client manager as a part of desktop
management. The tool provides Asset Tracking capabilities through
automated discovery Hardware and software inventory, configuration
management, software use monitoring, remote control.
Vision and Mission
To become a leading organization having mature management
system for information security matching with best in class
information security practices covering people, process and
To establish, implement, operate, monitor and continually
improve Information Security Management System that is
aligned with Business Objectives.
ISO27001 formally specifies how to establish an Information Security
Management System (ISMS).
The adoption of an ISMS is a strategic decision.
The design and implementation of an organization’s ISMS is influenced by its
business and security objectives, its security risks and control requirements,
the processes employed and the size and structure of the organization: a
simple situation requires a simple ISMS.
The ISMS will evolve systematically in response to changing risks.
Compliance with ISO27001 can be formally assessed and certified. A
certified ISMS builds confidence in the organization’s approach to
information security management among stakeholders.
PERODIC REVIEW & VIOLATION
Information Security Policies, shall be reviewed on half yearly basis
or if significant changes occur to ensure its continuing suitability,
adequacy, and effectiveness.
Non-compliance or violation of Information Security policy shall
result in disciplinary action as per CDA Rules.