New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
India now requires port scans to be reported within 6 hours to CERT-In
"The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems."
Gave me quite the laugh just now, how is this even feasible? Requiring organisations to report port scans within 6 hours.
Comments
Yup. Could spend my entire life, reporting these b'stards! As if they'd do anything about it; there's a phrase with the keywords organise, piss-up, brewery.
I'm not from India but I'd love to contribute to their data points. I'll just have CSF email them directly.
Maybe if they employ the entire country for the sole purpose of it, they will have enough manpower to say "Yep that's a port scan. So, lunch?"
apt-get install -y ipset ipset-persistent iptables-persistent
ipset create india hash:net
wget -O /tmp/in.zone http://www.ipdeny.com/ipblocks/data/countries/in.zone
for i in
cat /tmp/in.zone
; do ipset add india $i; doneiptables -I INPUT -m set --match-set india src -j DROP
iptables-save > /etc/iptables/rules.v4
dpkg-reconfigure ipset-persistent
Save the new rules so they persist between reboots.
Done.
Lol
Hilarious
Seems like they want to be buried in so much data that they will never actually have to do anything.
This is stupid idea really but it will be burden for providers to keep 5 years old data .
Someone should project a giant image of this Bruce Lee clip on the side of whatever Indian institution decided this was a good idea:
I'm guessing that once you check the penalty for non-compliance, it will quickly become clear why the policy was introduced
The funny part is they still don't enforce like 90% of their existing cyber-crime rules/regulations.
... or else?
Me terribly frightened
(I welcome governments trying to force companies to get their act together wrt security but those directives are just ridiculous)
Automation.
Unless this is a "make work" employment thing if you got hardcore cheap labour.
Step 1: Outline job no one can disagree with
Step 2: Generate more work than you can possibly do, identify obvious "crisis"
Step 3: Budget request
Step 4: Reduce scope for productivity, accept pay raise
So what's India's data retention policy on this?
They're going to need a lot of storage.
Any coincidence Vultr just setup shop there? RAID-0 is the only any to manage the vast data storage need...
it's time for providers to pull out of india?
Finally a use for all the idlers: nmap all of India on loop
The future is here - https://newatlas.com/electronics/2-inch-diamond-wafers-quantum-memory-billion-blu-rays/
5 years lol
You must also report all instances of Western women refusing to send bobs and vegana within 3 hours.
How many cup of coffee do I need to trade for this Two-inch diamond wafers?
Probably like 50 million coffees.
This is plain stupidity by incompetent "babus" who are at the helm of the institutions.
This happens when people are hired on basis of "caste/religion" and not merit.
You can't make a donkey run a horse's race.
I guess VPN companies are fucked in India.
People who use Indian VPNs are fucked anyway.
I wonder if anyone with a huge server gets fked cause the Indian gov may consider their massive port scans and vul scans reports as DoS attack. Now multiply that by god knows how many servers there are in India
Indian govt. wants to tax you on every possible things and wants to keep record of every activity. We might be close to pay tax for oxygen and report govt. how many times we have breathed in a day.
India suddenly looks a lot more "western".
Welcome to the club! In a few years you could apply for E.U. and NATO membership, if you promise to suck Uncle Sams cock as we all love to do 24/7. Don't forget to give all your surveillance data to the NSA, CIA, FBI etc. But don't expect their data in return. That's not how a master slave relationship works.
[Sorry for the rant! I slept horribly, and thus I'm grumpy. This bullshit just reminded me way too much about Germany. Especially dosai's, blaze's (last) and ravi's comment. Disgusting how similar humans are despite different continents, cultures and religions. Everywhere we have the same problems. And just when you start to become a bit optimistic because the boomers are going the way of the dinosaurs, you realize that they'll be replaced by the PC-WOKE-SJW generation. Different, yet similar. Elon, hurry up with Mars! Climate change is not the only problem we need to flee from!]
More ontopic: I think they'll quickly realize that they extremely underestimated the number of portscans. They'll get DDoSed with reports. Then they might exclude portscans from the law, except when they are in context with something else.
Yep, write scripts to identify port scans and such or use things like spamcop or similar, dump everything in a log and send it every 6 hours.
The other thing is simply adding a field to registration or order which specifies the purpose and done. You must keep customer data for some 5 years anyway.