Sunday, August 12, 2018

Commentary: The SingHealth breach and the uphill task of governing cyberspace

Anonymity, long-distance penetration and the quality of stealth suggest a very different international order is at play in cyberspace, says one observer at the S Rajaratnam School of International Studies.
Read more at https://www.channelnewsasia.com/news/commentary/singhealth-breach-cybersecurity-why-dont-name-hackers-10606354

Alan Chong is Associate Professor in the Centre of Multilateralism Studies, S Rajaratnam School of International Studies in Singapore.

SHOULD CYBER HACKERS BE NAMED?
The question of whether to name or not to name the cyber hackers revolves around one’s estimation of the severity of damage to national security and the reliability of cyber forensics in being 100 per cent confident in identifying the perpetrator.

Moreover, most sophisticated hackers have found ways and means to mask their complete identities such that even the best forensic teams will have to surmount a high threshold of proof before producing an indubitable charge.

To name a perpetrator in the absence of incontrovertible proof and catastrophic damage may risk upsetting existing diplomatic relations, souring the bilateral economic climate, or worse, initiating a conventional war which both sides do not want.

In all of these cases, culpability could not be guaranteed to hold up in any court of law.

Ricky Lim
Posted on: 06 Aug 2018 03:31PM (Updated: 06 Aug 2018 05:04PM)
Based on the comments made on this board, many people think that the forensic evidence churned out can be proven in Courts and conclusively nail the hackers.

This is a misconception, and the Minister has rightly pointed out that:
"He added that in these matters, "whilst one can have a high level of confidence, one may not be able to have the certainty that you might need in order to specifically assign responsibility" and the evidence may not stand up in the court of law."

So far no Country, even knowing through "inference" that a certain State is involved in the hacking, can prosecute in Courts with the forensic evidence - which I will elaborate with examples later.
Ricky Lim
Eg. a group of State sponsored hackers from Country Z decide to launch an attack on Country A.
(1) Country A hackers - launch a VPN IPsec tunnel from their VPN gateway that encrypts the payload and hides the original IP address - by inserting a dummy IP address - which cannot be traced.
(2) Through the VPN IPsec encrypted tunnel and hidden IP identity, they jump into a weak router in Country Y and take control over it by breaking its admin password.
(3) They set up a VRF secured tunnel to join a valid VRF secured tunnel, access the Country Y VRF intranet and take control of a weak server.
(4) By breaking the supervisor password in Country Y, the hackers launch a remote desktop access to a Country X desktop, break its password and take over the Country X desktop.
(5) From the Country X desktop, the hackers launch an SSH secure tunnel to the Country W apps server and break its password.
(6) From the Country W apps server, they do an ICMP reconnaissance scan of the Country A network to discover its network topology, followed by a TCP scan.
(7) The hackers will then attempt to break the passwords of all the IP devices they discover in the Country A network from the Country W apps server.
(8) After many tries without triggering the alarm system, they identify one weak workstation and break the password to take control over the workstation.
(9) From the workstation, based on the network topology the hackers discovered, they will attempt to bypass the network security devices and features and go straight to the database server to access the database by breaking the database administrator password and copying its content.
(10) After they have done so, the hackers will try to remove traces of their illegal access by clearing the records of their access, amending the various IT device security logs, access logs and system logs, clearing caches etc.
Ricky Lim
(1) Now assume you as investigators can trace and track through forensic evidence left in the systems --- hop by hop to each individual Country --- how do you know the individual Countries will willingly provide you with forensic evidence that the hackers have intercepted their devices to launch an attack at us?

(2) The hackers have used an encrypted tunnel, hidden their digital identity and used secured tunnels ---- that will need the "encryption keys", the "digital passwords" and the "digital certificates" of all the individual Countries before we can decrypt the contents and reveal the hidden identities.
Which Countries will willingly do so - without embarrassing themselves or giving away their "digital secrets"?

(3) Without the above, how to prosecute the hackers in Courts ---- as Courts need "clear, unambiguous evidence" that can identify and prosecute the hackers.
Ricky Lim
Prosecution is successful only if "All Countries in the World" sign a universal obligation to reveal and prosecute hackers - and are willing to participate in a worldwide digital forensic exercise to nab the hackers.

But if they are State Sponsored hackers --- what makes you think Countries or their allies will willingly volunteer in the investigation and forward forensic evidence to assist you in the investigation and the subsequent prosecution of hackers in the International Courts?

Ricky Lim
Inferences and traces of digital forensic evidence can be found --- to "infer" or "give clues" that point to the likely hackers' identity.
Such traces are the techniques the hackers used, the malware developed by a certain group of hackers, the languages they used to develop their tools and other IT traces that I will not elaborate on, etc.

But conclusive digital evidence that can be prosecuted in Courts will not be possible - without the cooperation of all Countries affected or involved.

Thus a State Sponsored APT (Advanced Persistent Threat) attack is almost impossible to prosecute in International Courts.

So far the USA and even Europe have made noise and can only retaliate in kind - but are not able to haul any State Sponsored hackers into International Courts or their own Courts.

Ricky Lim
Assume you reveal the "likely identity of the hackers" in Country Z; how do you think Country Z will respond?

Country Z will tell you to show proof.

Even if you show proof (without other Countries taking part) --- Country Z will say "your proof is not good enough ---- as it involved so many Countries" --- how can you prove it came from Country Z?

Then indeed we will be shooting ourselves in the foot.

Ricky Lim
The only recourses are:
(1) Strengthen our cyber defence
(2) Await karma to administer punishment on the perpetrators.
Karma is "Do good, reap good karma. Do bad, reap bad karma."
Ricky Lim
Practical steps can mean changing personal passwords frequently and scanning access points for unusual patterns of activity. The solution cannot be simply a case of applying more information technology complexity to guard information technology.
---
Posted on: 07 Aug 2018 09:00PM (Updated: 07 Aug 2018 09:00PM)

Ricky Lim
The Committee of Inquiry (COI) that was convened to look into the cyberattack on SingHealth's IT systems will hold its first hearing on Aug 28.

Expert witnesses will be called upon to give evidence on cybersecurity measures, and the COI will conduct a site visit to SingHealth to be briefed on the network architecture of the affected IT systems.
"The COI will also receive public submissions and will advise the public when and how these submissions should be submitted," said the press release.
--
Posted on: 20 Jul 2018

Ricky Lim
Protecting IT resources to minimise hacking is not that scary.
1. IT design that segregates back-end OOB (out-of-band) management from the front-end internet-facing (in-band) network will definitely minimise internet hacking attacks of such scale. The reason being, the front end (in-band) is internet facing, the out-of-band (back end) is segregated from the front end (in-band), and when hackers attack from the front end (in-band) they cannot get into the back end (out-of-band) as the front-end network is separated from the back-end network. Breaching the front end may get access to one or at the most a few transactions --- but will not be able to do a mass copy of data using a back-end admin with powerful rights.

2. Proactive security incident and event management of all critical information infrastructure using SIEMs, whereby online real-time monitoring will trigger alarms and alerts the moment stealth hacking occurs. Even stealth reconnaissance, the beginning of hacking by probing through network discovery, TCP port scanning, ICMP ping, traceroute etc., will be picked up.

3. APT (advanced persistent threat) protection, or maybe DLP (data loss protection), can be put in place to filter known, unknown and zero-day attacks, do virtual patching, and sandbox unknown but anomalous threats.

4. 2FA authentication for administrators to be installed for login before allowing management of network devices, software and databases. Hackers may be able to steal the admin ID and password, but without 2FA, hackers cannot administer and manage network devices, edit software or access data in the database.

5. Remove all remote access by hardening and removing or shutting down all remote access capability on all network devices, software and databases. Lock down and identify a dedicated jump host to administer all network devices, software and databases from a local access workstation or virtual machine that is securely protected. Any other workstation not identified as a jump host for administration is not allowed to manage and administer supervisor functions over the network devices, software and databases. Remote management must be disallowed. By doing so, a hacker compromising a weak front-end workstation will not be able to mass copy the database - as it is not a dedicated jump host and will not be allowed to do so - and a security alarm and alert will also be triggered by SMS and email to the administrator, who can quickly respond to the hacking.

6. Encryption of data storage, encryption key management and encryption of the database may be required. This ensures that even when the data is mass copied by the hackers, the data is encrypted and hackers will have a hard time decrypting the data.

The above measures are recommended on top of and above the below:
(Assuming that all traditional security measures are put in place, like firewall, segregation of web, apps and database, network IPS, host IPS, WAF (web application firewall), VPN IPsec, digital cert, encryption, authentication, directory service, and desktop security features like personal firewall, anti-virus, latest security patches etc., which have undergone security posture assessment, and that BYOD, port authentication, secure shell for admin management, SSL etc. have been put in place.)

All these will prevent the SingHealth APT hacking.

Ricky Lim
Most important, ensure that the in-band (front-end) network must not be routable to the out-of-band (back-end) network.

Ensure this mistake is not made - else even the Buddha cannot protect you....
Ricky Lim
Posted on: 06 Aug 2018 03:17PM (Updated: 06 Aug 2018 03:27PM)

He also spoke about the possibility of a virtual browser solution as an alternative to the ISS.
--
Virtual browser solution will be like the VMware VDI (Virtual Desktop Infrastructure) ThinApp or Citrix thin client - whereby it inherits the following security features:
(1) It operates with a virtual server.
(2) The virtual server will maintain a golden virtual desktop clone.
(3) When the desktop client logs in to the virtual server, the virtual server will download a virtual desktop clone to the client.
(4) The virtual desktop client comes with its own operating system and web browser - which are logically segregated from the client's physical desktop.
(5) It means that users can make use of the virtual client to browse the internet - but no files can be saved onto the physical desktop client and vice versa.
Thus any attack from the internet via the virtual client will be limited to the virtual client and cannot take over the physical client that connects to the intranet.
(6) When the user logs out from the virtual server, the virtual client will disappear.

This is a safe approach to browse the internet without physical separation from the internet.

Ricky Lim
This is the same concept as:
"Form is emptiness, emptiness is form." (色即是空,空即是色。)
"Physical is Virtual, Virtual is Physical".

Ricky Lim
It should be noted that:
(1) The Virtual Server that dishes out virtual clients to the desktop users should be hosted in a Public DMZ, protected by the following slew of security measures:
a. Firewall - where the ACL filters inbound and outbound internet traffic, restricted to the Public DMZ only and not allowed to enter the Intranet.
b. SSL Decryptor - to decrypt web content to allow for deep packet inspection.
c. APT (Advanced Persistent Threat) protection - to perform virtual patching for zero-day attacks, deep inspection of content, application and user, sandbox detonation for unknown threats, and to flag, display and alert on known threats.
d. Full Web Reverse Proxy and Forward Proxy.
e. WAF - Web Application Firewall to protect against SQL injection and cross-site scripting.
f. IPS - Intrusion Prevention System to monitor, detect, alert, respond and protect against known and unknown threats.

Govt should build a system as robust as our ERP which is seemingly unhackable.

ERP is an Intranet.
It has no connection to the Internet --- of course it is not hackable by international hackers.

In addition, the public interface to ERP is just a rudimentary IU card - with no OS (operating system interface) - that is capable of doing complex, sophisticated access.

Thus even local hackers have no means to hack into the ERP system, which is on the Intranet.

IU cards also cannot be infected with malware - due to the limited storage space and limited information processing.

The chance of ERP being hacked through the public interface is close to zero.

Even if you tamper with the IU card - you will get a camera taking your car's photo - and the summons will be issued straight away. So how is it possible to hack the ERP?
Ang Kam Kwang
Ricky Lim ..... now I understand about the "internet isolation". Could this step be a hindsight of SingHealth IT management in the very first place? - I mean, why was there no "trigger" when such a high amount of records (1.5 million) were requested, whether by way of "e-requests" or by way of "stealth downloads"? "Trigger" or safeguard in this case means "Requested records would only be sent BY POST (NO e-copy allowed) to the requester" and any patient record request shall not be for more than one patient. If the same requester asks for more than 3 different patients' records, the system administrator is alerted.......... my 2 cents!
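Ricky Lim's point above that a SIEM should pick up reconnaissance such as TCP port scanning, and Ang Kam Kwang's suggested trigger when one requester asks for more than 3 different patients' records, both reduce to the same correlation rule: count distinct values per actor inside a time window and alert once a threshold is reached. The Python below is an added example written for this page, not code from the thread, from SingHealth or from any SIEM product; the field names, thresholds, window sizes, IP addresses and sample events are all constructed assumptions.

```python
from collections import defaultdict

def max_distinct_in_window(events, window):
    """Largest number of distinct values inside any `window`-second span of (ts, value) events."""
    events = sorted(events)
    counts, lo, best = defaultdict(int), 0, 0
    for ts, val in events:
        counts[val] += 1
        while events[lo][0] < ts - window:  # drop events that have aged out of the window
            old = events[lo][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            lo += 1
        best = max(best, len(counts))
    return best

def correlate(records, key_fn, value_fn, window, threshold, rule_name):
    """Group records by key_fn; alert when distinct value_fn values in one window reach threshold."""
    groups = defaultdict(list)
    for rec in records:
        groups[key_fn(rec)].append((rec["ts"], value_fn(rec)))
    alerts = []
    for key, evs in groups.items():
        n = max_distinct_in_window(evs, window)
        if n >= threshold:
            alerts.append((rule_name, key, n))
    return sorted(alerts)

# Constructed connection events (not real logs): one host probing 12 ports
# in 24 s, plus a benign client alternating between two services for an hour.
CONN = [{"ts": 1533549000 + 2 * i, "src": "10.0.5.23", "dst": "10.0.1.10",
         "port": 20 + i} for i in range(12)]
CONN += [{"ts": 1533549000 + 180 * i, "src": "10.0.5.5", "dst": "10.0.1.10",
          "port": 80 if i % 2 == 0 else 443} for i in range(20)]

# Constructed record-access events: a clerk opening 5 patients in 10 minutes
# and a clinician opening 2. Field names are assumptions, not SingHealth's.
EMR = [{"ts": 1533549000 + 120 * i, "user": "clerk7", "patient": f"P{i:04d}"}
       for i in range(5)]
EMR += [{"ts": 1533549000 + 600 * i, "user": "drlee", "patient": f"P{100 + i}"}
        for i in range(2)]

def port_scan_alerts():
    # SIEM rule: >= 10 distinct destination ports from one source to one host within 60 s
    return correlate(CONN, lambda r: (r["src"], r["dst"]), lambda r: r["port"],
                     window=60, threshold=10, rule_name="tcp_port_scan")

def bulk_record_alerts():
    # Access rule: one requester touching more than 3 distinct patient records in a day
    return correlate(EMR, lambda r: r["user"], lambda r: r["patient"],
                     window=86400, threshold=4, rule_name="bulk_patient_lookup")
```

A probe or lookup spread thinner than one event per window (the low-and-slow case) slips under this rule, which is why window and threshold are parameters to be tuned against baseline traffic rather than fixed constants.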
Ang Kam Kwang - SingHealth can't be just on the Intranet - with no interface to the public - who are accessing via the Internet.

Sensitive and highly confidential stuff can be on the Intranet only - while public-facing information needs to be on the Internet.
Total isolation of the SingHealth network from the Internet is not possible, unlike ERP.

ERP has no need for a public interface except reading the IU cards - thus it can be totally on the Intranet.

SingHealth systems with sensitive info. will need to be on an Intranet that is totally isolated from the Internet.

But the public-facing interface will still need Internet integration --- but needs to be secured properly.
Valen Chen Tany
Ricky Lim TQ for the kind info..... I was just being sarcastic but thanks anyway.
Darren Tay
ERP unhackable .. not true, you just need to plug in the junction box near and you can hack ... Too easy .. ERP down before, just they never announced.
Darren Tay - yes, a local hacker could possibly hack if you go near it with a wireless gadget under the hot sun - but you will be caught easily as there are many CCTV nearby.

Score : Attacker 1 : defender 0

Defender is almost impossible to win in this war from how the finding was reported. So how to revert this score result should always be the 1st step in digitizing Singapore. Making our system even more open to attack will only make matters worse and the attacker smiling every moment.
Valen Chen Tany
To defend you must also know where when what the attacks will be and try our best to defend or at least to neutralise it as and when it comes. Nothing cannot be free of wilful acts or attacks.
Darren Tay
Bullshit from pap dogs..never happen under my watch..only because useless pap.
Darren Tay - to be fair, if you are IT trained -- if any network is connected to the Internet, no one in the World can prevent an attack.

Or a DDoS is launched on your Web server.

I am not sure whether you agree with me.

Eg. a hacker can do a DDoS brute force attack on the router port - and you will get a denial of service (even though there are methods to mitigate DDoS) - it will still disrupt your service by making your router port busy and congested.

So how to prevent this?

Ricky Lim
Also the DDoS need not be done by live multiple hackers launching the DDoS.
They can plant botnets and malware into weak servers and desktops to launch the DDoS.

Forensic evidence can be traced to the botnet and malware and the servers and desktops that launched it --- but maybe unable to trace to the live hackers, who will have removed their traces of access.

Then how do you track, catch and prosecute the hackers?

I just want to be fair and not levy unfair blame.

If you resolve the above problem, let me know --- then I will agree with you that blame can be levied on the Government.
Ricky Lim
Darren Tay - If you are the Government, how do you defend against DDOS attack?
If you can't, similarly people can say the same thing about you based on what you say about the Government now.