Home
Security Policy

SECURITY POLICY

Meghalaya Basin Development Authority Website has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions.

  • Before the launch of the Meghalaya Basin Development Authority Website, simulated penetration tests were conducted.

    • Penetration testing has also been conducted (x times) after the launch of theMeghalaya Basin Development Authority Website.

  • Meghalaya Basin Development Authority Website has been audited for known application level vulnerabilities beforethe launch and all the known vulnerabilities have been addressed.
  • Hardening of servers has been done as per the guidelines of Cyber Security division before the launch of the Meghalaya Basin Development Authority Website
  • Access to web servers hosting the Meghalaya Basin Development Authority Website is restricted both physically and through the network as far as possible.
  • Logs are maintained for authorized physical access of Meghalaya Basin Development Authority Website servers.
  • Web-servers hosting the Meghalaya Basin Development Authority Website are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them.
  • All the development work is done on a separate development environment and is well tested on the staging server before updating it on the production server.

After testing properly on the staging server the applications are uploaded to the production server using SSH and VPN through a single point.

  • The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.
  • All contents of the web pages are checked for intentional or unintentional malicious content before final upload to web server pages.
  • Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny.
  • IT Staff monitor the Meghalaya Basin Development Authority Website at intervals daily to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no unauthorized links have been established.
  • All newly released system software patches; bug fixes and upgrades are expediently and regularly reviewed and installed on the web server.
  • On Production web servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related tasks are performed.
  • Server passwords are changed at the interval of 3 number months
  • Meghalaya State Data Centre (S.D.C) has been designated as Administrator for the Meghalaya Basin Development Authority Website and shall be responsible for implementing this policy for each of the web servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s).
  • Meghalaya Basin Development Authority Website has been re-audited for the application level vulnerability after major modification in application development
MBDA LOGO

MEGHALAYA  BASIN  DEVELOPMENT  AUTHORITY

GOVERNMENT  OF  MEGHALAYA

WHO WE ARE

PROJECTS

QUICK LINKS

Copyright © 2017 - All Rights Reserved - Official Website of Meghalaya Basin Development Authority, Governtment of Meghalaya, India

Note: Content on this website is published and managed by Meghalaya Basin Development Authority

For any query regarding this Website, please contact the Web Information Manager Wankit K. Swer (Sr. Manager)

E-mail ID - knowledge[dot]mbda[at]gov[dot]in

Last updated: 8/25/2025, 11:59:34 AM