IPV6 Test         email Hindi Marathi

Integrity Pact & IEM

 

 

Click Here For CVC Circular Regarding Integrity Pact

 

A new committee of Independent External Monitors has been formed as per the details given below:


Name                                                     E-mail ID

(1) Shri Dhruv Kumar Agarwal               This email address is being protected from spambots. You need JavaScript enabled to view it.
(2) Shri V.K. Gupta                                 This email address is being protected from spambots. You need JavaScript enabled to view it.
(3) Ms. Alka Sirohi                                  This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Cyber Security Alerts

 

 

Mirai Botnet Affecting IoT Devices

A new malware named as "Mirai" targeting Internet of Things (IoT) devices such as printers, video camera, routers, smart TVs is spreading.The malware is capable of scanning the network devices or Internet of Things and try to compromise these systems especially those protected with defaults credentials or hardcoded username passwords.     For more Details Click Here

TERMS AND CONDITIONS

 

This website is designed, developed and maintained by Mahanagar Telephone Nigam Limited Mumbai , A Public Sector Undertaking of the Government of India .

Though all efforts have been made to ensure the accuracy and currency of the content on this website, the same should not be construed as a statement of law or used for any legal purposes. In case of any ambiguity or doubts, users are advised to verify/check with the Organisation and /or other sources, and to obtain appropriate professional advice.

Under no circumstances, will this Organisation be liable for any expense, loss or damage including, without limitation, indirect or consequential loss or damage, or any expense, loss or damage whatsoever arising from use, or loss of use, of data, arising out of or in connection with the use of this website.

These terms and conditions shall be governed by and construed in accordance with the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the jurisdiction of the courts of India.

The information posted on this website could include hypertext links or pointers to information created and maintained by non-Government/private organizations. MTNL Mumbai is providing these links and pointers solely for your information and convenience. When you select a link to an outside website, you are leaving the MTNL Mumbai’s website and are subject to the privacy and security policies of the owners/sponsors of the outside website.MTNL Mumbai does not guarantee the availability of such linked pages at all times.

MTNL Mumbai cannot authorise the use of copyrighted materials contained in linked websites. Users are advised to request such authorisation from the owner of the linked website.

MTNL Mumbai does not guarantee that linked websites comply with Indian Government Web Guidelines.

 

Malware Mirai

 

A new malware named as "Mirai" targeting Internet of Things (IoT) devices such as printers, video camera, routers, smart TVs is spreading.The malware is capable of scanning the network devices or Internet of Things and try to compromise these systems especially those protected with defaults credentials or hardcoded username passwords.

The malware is capable of performing the following function:

  • Compromise IoT systems with default username and passwords
  • Create botnets of the compromised devices.
  • Use compromise devices to launch DDoS attacks.
  • Make network connections to receive commands from launch further attacks.

 Indicators of compromise:

  • Abnormal traffic on port 2323/TCP and 23/TCP as it scans for vulnerable devices.
  • Command and Control Network traffic on port 48101/TCP.
  • Huge outbound traffic if the device is part of DDoS attack.

When the malware runs, it turns the infected system into a bot connecting to a C&C server. Bot infected systems are connecting to the C&C Servers on specific ports and listen for commands from remote attacker. In view of the high damage potential of Botnet infected machines, the  customers are requested to disinfect their systems and take appropriate countermeasures suggested below to prevent such incidents in future.

Countermeasures for securing IOT devices:

  • Restrict Web Management Interface access of IoT devices to authorized users only and change default username/passwords.
  • Always change Default login credentials before deployment in production.
  • Change default credentials at device startup and ensure that passwords meet the minimum complexity.
  • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
  • Users should be aware of the installed devices and their capabilities. If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
  • Control access to the devices with Access List.
  • Configure devices to "lock" or log out and require a user to re-authenticate if left unattended.
  • Identify systems with default passwords and implement abovementioned measures. Some the systems that need to be examined are Routers, switches,web applications and administrative web interfaces, ICS systems, Telnet and SSH interfaces.
  • Implement account lockout policies to reduce the risk of brute forcing attacks.
  • Telnet and SSH should be disabled on device if there is no requirement of remote management.
  • Configure VPN and SSH to access device if remote access is required.
  • Configure certificate based authentication for telnet client for remote management of devices.
  • Implement Egress and Ingress filtering at router level.
  • Report suspicious entries in Routers to your Internet Service Provider.
  • Keep up to date Antivirus on the computer system.
  • Keep up-to-date on patches and fixes on the IoT devices, operating system and applications.
  • Unnecessary port and services should be stopped and closed.
  • Logging must be enabled on the device to log all the activities.
  • Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.

 

 

PRIVACY POLICY

 

MTNL Mumbai Website does not automatically capture any specific personal information from you, (like name, phone number or e-mail address), that allows us to identify you individually.If the MTNL Mumbai -Website requests you to provide personal information, you will be informed for the particular purposes for which the information is gathered and adequate security measures will be taken to protect your personal information.

We do not sell or share any personally identifiable information volunteered on the MTNL Mumbai Website to any third party (public/private). Any information provided to this website will be protected from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

We gather certain information about the User, such as Internet protocol (IP) addresses, domain name, browser type, operating system, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected.

Subcategories