Tuesday, April 24, 2018

MPA to set up new cybersecurity centre to enhance response against threats

The Maritime Cybersecurity Operation Centre will be established by the third quarter of this year, says the Maritime and Port Authority of Singapore.
Read more at https://www.channelnewsasia.com/news/singapore/mpa-to-set-up-new-cybersecurity-centre-to-enhance-response-10170222

Ricky Lim

Believe the new cybersecurity centre should at least include:
(1) A Security Operation Centre (SOC) running 24 hours x 365 days - to monitor, detect and respond to security events through SIEM (Security and Incidents Event Management) supported by central loggers.
(2) Advanced Persistent Threat (APT) capabilities - to monitor, detect and respond to sophisticated hacking attacks.
(3) Data Loss Protection (DLP) capabilities - to protect against data loss across multiple media, storage and systems.
(4) Vulnerability scanning and penetration testing.
(5) CCTV, video analytics and forensics.
Anthony Chan
Do not forget capable people to manage the SOC.
Most problems faced by SOC operations are people, not technology.
Ricky Lim

IT security has to cover all 7 layers of the OSI model.
It has to include physical security, link layer security, network security, transport layer security, operating system security and application security.

Understanding of the whole TCP/IP stack is imperative.

Having said so, security threats can come in any form, shape or size that is not easy to anticipate, because some attacks seem to be legitimate transactions.

SOC operations have to be alert to anomalous behaviour, unknown threats and zero-day attacks, in addition to known threats.

The SOC also must have people who have intricate knowledge of the company's entire IT infrastructure, systems, storage, security, OS and apps.

Yes, agree, people with the right skillsets are very important in SOC operations.

A SOC is like helming a virtual army operation (e.g. defending, responding to attacks, protecting important systems and data storage, intelligence gathering etc.), but IT knowledge intensive.

Ricky Lim
E.g.
(1) Physical and link layer security (this is proximity security) - intermediate vulnerability, as hackers need physical proximity access to the media.
Examples are tap access to fibre, copper, routers, network switches and gateways.
Or "wire in the air" - with the proliferation of wireless technology such as Wi-Fi, Bluetooth, 3G/4G/5G LTE, WiMAX etc., where hackers can set up rogue APs, base stations, long-range extended antennae etc. to gain access.

(2) Network security - especially the internet connection, where the internet and public web pages are open to access by worldwide hackers.
Security people will have to be extremely conversant with layer 2 and layer 3 routing protocols and security protocols like OSPF, BGP, RIP, static routes, MPLS, VPN IPsec, SSL VPN, VLAN, firewalls, IPS, WAF etc.

(3) OS, middleware and database security - e.g. MS Windows security, Linux/Unix security, virtualisation like VMware and other virtual machines, cloud computing, SAP, Oracle, MSSQL database, Apache web server etc.

(4) Transport security - e.g. DNS, DHCP, NTP, ARP etc.
E.g. hackers can attack DNS resolution (URL to IP).
Attack DHCP - unable to issue IP addresses.
Attack ARP - unable to resolve MAC addresses to IPs etc.
Attack the TCP 3-way handshake etc.

(5) Application security - e.g. best practices in coding web apps, mobile apps etc. - to prevent e.g. cross-site scripting and SQL injection, to prevent phishing attacks, validation and verification checks on all input fields etc.

Hardening the whole TCP/IP stack by turning off features and functions that are not required.

Yes, you are right, you require very knowledgeable people on the whole TCP/IP stack to secure the IT infrastructure, and knowledgeable people to man the SOC, which is not easy.
