Network and Server Security

Aadhaar authentication uses open, standards-based security mechanisms to secure data and services and is designed to address transaction privacy.

Securing the network at multiple levels between the front-end authentication points and CIDR is necessary to ensure protection against network attacks that result in “Denial of Service” (DoS). It is also important to ensure high availability and redundancy even if some parts of the network are compromised or unavailable.

AUAs and their partners (sub-AUAs, application providers, etc.) are required to put appropriate network security in place to ensure their systems are protected from attack. It is hence mandated that standard network practices such as the use of encrypted channels, the use of digital certificates, IP filtering, authentication of applications/users/devices, network protection through firewalls and NIPS, auditing, etc. are put in place.

Within CIDR, UIDAI ensures multiple levels of network security by creating a DMZ, an application zone, and data zones, and by protecting all the zones using multiple firewalls, network intrusion prevention systems, and strong access control and audit schemes.

Since many applications and services across the country will heavily depend on Aadhaar authentication, it is strategically important not to expose Aadhaar authentication over the Internet (or any public network) and not to create a “single point” of attack that can potentially affect many services. It is hence critical to expand the secure zone beyond CIDR and allow the authentication service to be exposed through multiple network end points. Creating the ASA as a network service provider and exposing the authentication service ONLY through secure private connections using leased lines is strategic to ensure that multiple end points always exist to provide the authentication service in a secure and always available fashion. As per UIDAI policy, authentication and other online services such as e-KYC are never exposed over the Internet or any public network.