Web Hosting Services
ERNET India Website Updation Procedure
Procedure for Updation/Maintenance of Website Securely
[Operational/Running on ERNET INDIA Server]
The website, which is operational/running on ERNET INDIA Server, can be updated by the concerned User organization either independently through the FTP over VPN facility or by forwarding revised/updated/modified files to Web Services Division by E-mail.
1. Independently through FTP over VPN facility: -
1.1. Introduction: - ERNET INDIA provides a File Transfer facility (FTP), which allows updation and maintenance of a website from any remote location through VPN (Virtual Private Network) at your convenience. The FTP over VPN facility is a secure channel for this purpose. The facility can be availed by all user Departments/Organizations whose website/web-enabled application is operational on ERNET INDIA Server. In this connection, you are requested to kindly note/consider the following:
- The Digital Signature Certificate is valid for a period of one year from the date of issue. After completion of one year, you need to renew the VPN account.
- VPN User will be responsible for the safety of the VPN Username and password used for accessing VPN Service.
- The username and password issued are to be used only for accessing the ERNET INDIA VPN Service and not for any other activity. Also ensure that information related to the ERNET INDIA VPN Services is not disclosed, as disclosure may result in a breach of the ERNET INDIA facilities.
- The VPN services provided by ERNET INDIA cannot control the contents of the website being updated, and hence ERNET INDIA will not be responsible for the contents of the website. The VPN services offered will also not be responsible for a security breach of the website through exploitation of vulnerabilities in the site updating services (FrontPage, FTP, SSH, SQL, etc.) and Web Services (HTTP), nor for a security breach of the VPN Client software.
1.2. Obtaining FTP over VPN Facility: - The process involves the following stages:
- Forward the filled-in Digital Certificate Request Form for VPN Services, available on the website of ERNET INDIA http://www.eis.ernet.in, to Web Services Division, ERNET India, New Delhi.
- The filled-in forms received from the user will be verified and endorsed for creation of the VPN User/Password.
- ERNET INDIA will forward the user name and password to the user for installation and testing of FTP over VPN on a computer system of the User Organization (only on a Client Machine). The VPN should not be installed on a Server machine or behind a Proxy Server.
- After establishing and testing the VPN, please send an E-mail to webservices[at]eis[dot]ernet[dot]in confirming the successful establishment of the VPN on the Client Machine, in order to obtain the FTP User-ID & Password of the related website.
2. By Forwarding Updated Files to Web Services Division through E-mail: - ERNET INDIA extends an uploading facility to users for uploading updated/modified pages/files of their website, which are to be forwarded to Web Services Division, ERNET INDIA through E-mail (webservices[at]eis[dot]ernet[dot]in).
- Open the running website and, using the “View Source” option of your Browser, download (to your local Client Machine) the file that you want to update/modify.
- Open the downloaded file using an HTML editor (e.g., FrontPage, NotePad, etc.) and edit it as per your requirement.
- Save the revised file with exactly the same name and preserve the existing path, as it is running on the related website.
- Forward the soft copy of the revised/updated/modified files to Web Services Division at the E-mail account webservices[at]eis[dot]ernet[dot]in for uploading on the ERNET INDIA Web Server. Alternatively, you can forward the revised/updated/modified files to Web Services Division on storage media (CD, pen drive, etc.) with a covering letter. This E-mail/letter should contain the following:
- Description of files & Folder details (if any), being attached with the Email.
- Website URL of your running website.
- Web Services Division will upload such revised files to your website area (on ERNET INDIA Server) to replace the old files. Subsequently, WSD will also send an E-mail reply to your (originating) E-mail account to confirm the updation & checking of the revised contents.
- Note the following important points:
- Do not send printed documents to Web Services Division for updation of the website. ERNET INDIA will not entertain such requests for website updation.
- Send to Web Services Division, for updation, only those file formats that are available on your running website, as ERNET INDIA entertains only those running file formats.
3. Desktop Security [for FTP over VPN]
- Keep details related to VPN ID/Password, FTP User-ID/Password & Digital Certificate safe & secured.
- Ensure that the Client Machine being used for maintaining the website(s) is virus-free. Install and maintain updated anti-virus software at gateway and desktop level, besides installing a personal firewall.
- Configure the client system with least privileges and use the Administrator account judiciously. Keep the operating system and application software up to date with patches and fixes.
- Enforce a password policy & use strong passwords, besides locking the Desktop with password-protected screen savers.
- Also ensure that the web-contents being uploaded to the allocated web-space are virus-free.
- Prevent unauthorized software/freeware and block the use of unauthorized USB drives.
- Exercise caution while opening unsolicited emails and do not click on links embedded within them.
- Disable Active scripting except for trusted websites. Browse the Internet safely and disable unrecognized BHOs (Browser Helper Objects).
- Avoid changing the IP address of the Client systems.
- Use wireless networks securely.
4. Precautions to avoid insertion of Malware: - It has been observed that malware gets inserted into some web pages, with links to malware-spreading sites. Such links get inserted at the top/bottom of the web pages in the form as given below.
Some of the URLs being inserted are given below; this is not an exhaustive list. You are advised not to click these URLs, as doing so may take you to the malware sites and may cause malicious software to be downloaded on your systems.
Thus, you are recommended to perform the following, in addition to keeping your system up-to-date with the latest antivirus signatures and patches.
- While publishing websites to the Web-Server, scan the source code of each page being published for references to any unknown URLs in the form as above.
- Sometimes encoded forms of URLs (e.g., %27%20….) also get inserted. Pay attention to contents or URLs you do not recognize.
- Look at the source code of the page on the Client, using an editing tool such as “notepad”, before you publish to the Server.
- Also look at the source code of the web page on the Web-Server, using an editing tool such as “notepad”, after you have published.
- Verify the source code of the page once more, both on the Client and on the Server, after publishing, using a web browser.
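One way to automate the source check described in the steps above, as an added example (not ERNET INDIA's own tooling): it lists every URL-bearing attribute in a page, flags hosts outside an allowlist and runs of percent-encoded bytes, and compares the client copy with the copy read back from the server. The allowlist, function names and sample pages are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

URL_ATTRS = {"src", "href", "action", "data"}
ENCODED_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}){2,}")  # e.g. %27%20
# Assumption: hosts your site legitimately references (constructed value).
ALLOWED_HOSTS = {"www.example.org"}

class RefCollector(HTMLParser):
    """Collect (tag, url) for every URL-bearing attribute in a page."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs += [(tag, v.strip()) for k, v in attrs if k in URL_ATTRS and v]

def audit_page(source, allowed_hosts=ALLOWED_HOSTS):
    """Return findings: references to unrecognised hosts and encoded runs."""
    collector = RefCollector()
    collector.feed(source)
    findings = []
    for tag, url in collector.refs:
        # Decode first so a percent-encoded URL cannot hide its host.
        host = (urlsplit(unquote(url)).hostname or "").lower()
        if host and host not in allowed_hosts:
            findings.append(("unknown-host", tag, url))
    for run in ENCODED_RUN.findall(source):
        findings.append(("encoded", unquote(run), run))
    return findings

def same_content(client_copy, server_copy):
    """True if the copy read back from the server matches what was published."""
    digest = lambda s: hashlib.sha256(s.encode("utf-8")).hexdigest()
    return digest(client_copy) == digest(server_copy)

# Constructed sample: the page as edited locally, and as read back after upload.
CLIENT_COPY = ('<html><body><a href="about.html">About</a>'
               '<img src="http://www.example.org/logo.png"></body></html>')
SERVER_COPY = CLIENT_COPY.replace(
    "</body>",
    '<iframe src="http://unknown.example/x"></iframe>'
    '<a href="http%3A%2F%2Funknown.example%2Fy">.</a></body>')

if __name__ == "__main__":
    print(audit_page(SERVER_COPY))
    print("copies match:", same_content(CLIENT_COPY, SERVER_COPY))
```

Run it on the local file before publishing and again on the file downloaded from the server after publishing; any finding, or a mismatch between the two copies, is a reason to inspect the page source by hand.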
5. If your site is found to contain the above form of IFRAME or links, it will be de-hosted from production.
Note: - All Static websites or Web-enabled Applications are made available on the ERNET INDIA (Production) Server only after obtaining Security Clearance from the Auditor. Therefore, it may be noted that any further addition of dynamic contents on the website (operational/running on ERNET INDIA Server) or change in application logic in the running application will attract a security re-audit by the concerned User Organization. Please ensure that any application being loaded on the server has been cleared by the empanelled Security Auditor. The security audit of the web-enabled application will have to be done by the user organization, through empanelled Security Auditors, as per the procedure for conducting Third Party Security Audit available at website URL
"mp.ERNET India.in/GuidelinesThirdPartySecurityAuditByUSer.pdf"; the details regarding the panel of IT Security Auditors may be seen at URL "certin.org.in/security-auditors.htm". This Document is also available on the website of ERNET INDIA,