In News: New directions from Computer Emergency Response Team (CERT-In) for regulating VPN providers will be effective from June 28.
- The rule mandates VPN providers to record and keep their customers’ logs for 180 days.
- It requires the firms to collect and store customer data for up to five years.
- It further mandated that any cybercrime recorded must be reported to the CERT within 6 hours of the crime.
- The directions applicable to data centres, virtual private server (VPS) providers, cloud service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and Government organisations.
- Firms that provide Internet proxy-like services through VPN technologies also come under the ambit of the new rule.
- Corporate entities are not under the scanner.
In response to CERT-In rules many VPN providers are planning to shift servers out of the country or cater to users in India through virtual servers located in Singapore and UK.
What is a virtual server, and what are its uses?
- A virtual server is a simulated server environment built on an actual physical server.
- It recreates the functionality of a dedicated physical server.
- The virtual twin functions like a physical server that runs software.
- It uses resources of the physical server.
- Multiple virtual servers can run on a single physical server.
- Virtualising servers helps reallocate resources for changing workloads.
- Converting one physical server into multiple virtual servers allows organisations to use processing power and resources more efficiently
- Running multiple operating systems and applications on a single physical machine reduces the cost as it consumes less space, hardware.
- Virtualisation also reduces cost as maintaining a virtual server infrastructure is low compared to physical server infrastructure.
- Virtual servers are also said to offers higher security than a physical server infrastructure as the operating system and applications are enclosed in a virtual machine.
- This helps contain security attacks and malicious behaviors inside the virtual machine.
- Virtual servers are also useful in testing and debugging applications in different operating systems and versions without having to manually install and run them in several physical machines.
Can server relocation and virtualisation help VPN providers circumvent the new rules?
- The rules are applicable to any entity whatsoever in the matter of cyber incidents and cyber security incidents, regardless of whether they have a physical presence in India or not, as long as they deliver services to Indian users.
Virtual Private Network
- Virtual Private Network (VPN) is a service that helps internet users to stay private online by hiding their (Internet Protocol) IP addresses.
- VPN establishes an encrypted connection between the user’s computer and the internet, providing a private tunnel for their data, making them anonymous and blocking anyone from tracking their movements like where they are going or what they are doing.
- It is the IP address – a special number unique to the user’s internet network– that helps websites, law enforcement agencies, cybercriminals or anyone else looking into an individual’s internet activities and track down their accurate location.
- Without a VPN, the user’s IP address is visible to the web. VPNs obscure the user’s internet usage by jumping the signal off multiple servers.
- VPN extends through encrypted connections over the Internet.
- Since the line is encrypted between the network and the device connected to it, the traffic remains private.
Computer Emergency Response Team (CERT-In):
- CERT-In is the national nodal agency for responding to computer security related incidents.
- CERT-In has been operational since 2004.
- It works under Ministry of Electronics and Information Technology
CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:
- Collection, analysis and dissemination of information on cyber incidents.
- Forecast and alerts of cyber security incidents.
Source: The Hindu
Previous Year Question
Q.1) What is a “Virtual Private Network”? (2011)
- It is a private computing network of an organization where remote users can transmit encrypted information through the server of the organization.
- It is a computer network across a public internet that provides users access to their organization’s network while maintaining the security of the information transmitted.
- It is a computer network in which users can access a shared pool of computing resources through a service provider
- None of the statements (a), (b), and (c) given above is a correct description of Virtual Private Network.