Read more at https://www.channelnewsasia.com/news/singapore/singhealth-coi-internet-surfing-separation-an-additional-burden-10922658
(Updated: )
Ricky Lim
Virtual browser can be a permanent solution to resolve the Internet temporary Internet Surfing Separation (ISS).
A separate physical internet device need not be procured to do the virtual browser.
The same intranent end device can launch virtual browser to browse Internet without needing to use separate internet device to surf Internet.
A separate physical internet device need not be procured to do the virtual browser.
The same intranent end device can launch virtual browser to browse Internet without needing to use separate internet device to surf Internet.
Like · Reply · 1m
Ricky Lim
Ricky Lim
PROTECTION OF STAFF INTERNET SURFING
Posted on :- 06 Aug 2018 03:17PM (Updated: 06 Aug 2018 03:27PM)
Ricky Lim
He also spoke about the possibility of a virtual browser solution as an alternative to the ISS.
--
Virtual browser solution will be like the VMWare VDI (Virtual Desktop Infrastructure) ThinApp or Citrix thin client - whereby it inherit the following security features :-
(1) It operates with a virtual server.
(2) The virtual server will maintain a golden virtual desktop clone.
(3) When the desktop client login to the virtual server, the virtual server will download a virtual desktop clone to the client.
(4) the virtual desktop client - come with its operating system and web browser - that is logically segregated from the client physical desktop.
(5) It means that users can make use of the virtual client to browse the internet - but any files cannot be saved into the desktop physical client and vice versa.
Thus any attack from the internet via the virtual client will be limited to the virtual client and cannot take over the physical client that connect to the intranet.
(6) When user logout from the virtual server, its virtual client will disappear.
This is a safe approach to browse internet without physical separation from the internet.
Like · Reply · 1m · Edited
Ricky Lim
This is the same concept of :-
色即是空,空即是色。
"Physical is Virtual, Virtual is Physical".
Like · Reply · 1m\
Ricky Lim
It should be noted that :-
(1) The Virtual Server that dish out virtual clients to the desktop users - should be hosted in a Public DMZ - protected by the following slew of security measures :-
a. Firewall - where ACL is to filter inbound and outbound internet traffic restricted to Public DMZ only and not allow to enter the Intranet.
b. SSL Decryptor - to decrypt web content to allow for deep packet inspection.
b. APT (Advanced Persistent Threat) - to perform Virtual Patching for zero-day attack, deep inspection on content, application and user, sandbox detonation for unknown threat, flag, display and alert known threat.
c. Full Web Reverse Proxy, and Forward Proxy.
d. WAF - Web Application Firewall to protect against SQL injection, Cross scripting.
e. IPS - Intrusion Prevention System to monitor, detect, alert, respond, protect against known threat and unknown threat.
Like · Reply · 1m
PROTECTION OF STAFF INTERNET SURFING
Posted on :- 06 Aug 2018 03:17PM (Updated: 06 Aug 2018 03:27PM)
Ricky Lim
He also spoke about the possibility of a virtual browser solution as an alternative to the ISS.
--
Virtual browser solution will be like the VMWare VDI (Virtual Desktop Infrastructure) ThinApp or Citrix thin client - whereby it inherit the following security features :-
(1) It operates with a virtual server.
(2) The virtual server will maintain a golden virtual desktop clone.
(3) When the desktop client login to the virtual server, the virtual server will download a virtual desktop clone to the client.
(4) the virtual desktop client - come with its operating system and web browser - that is logically segregated from the client physical desktop.
(5) It means that users can make use of the virtual client to browse the internet - but any files cannot be saved into the desktop physical client and vice versa.
Thus any attack from the internet via the virtual client will be limited to the virtual client and cannot take over the physical client that connect to the intranet.
(6) When user logout from the virtual server, its virtual client will disappear.
This is a safe approach to browse internet without physical separation from the internet.
Like · Reply · 1m · Edited
Ricky Lim
This is the same concept of :-
色即是空,空即是色。
"Physical is Virtual, Virtual is Physical".
Like · Reply · 1m\
Ricky Lim
It should be noted that :-
(1) The Virtual Server that dish out virtual clients to the desktop users - should be hosted in a Public DMZ - protected by the following slew of security measures :-
a. Firewall - where ACL is to filter inbound and outbound internet traffic restricted to Public DMZ only and not allow to enter the Intranet.
b. SSL Decryptor - to decrypt web content to allow for deep packet inspection.
b. APT (Advanced Persistent Threat) - to perform Virtual Patching for zero-day attack, deep inspection on content, application and user, sandbox detonation for unknown threat, flag, display and alert known threat.
c. Full Web Reverse Proxy, and Forward Proxy.
d. WAF - Web Application Firewall to protect against SQL injection, Cross scripting.
e. IPS - Intrusion Prevention System to monitor, detect, alert, respond, protect against known threat and unknown threat.
Like · Reply · 1m
Like · Reply · 1m
Brian Lai
Ricky Lim They should hire you. As an another IT Geek, I agreed with most of your point. All their need now is not only the required tech to be in placed, but their management also need to broaden their view on how important of IT/Cyber security nowaday.
ChicKerdi Ling
This is where the hackers has won. It has forced us to adopt ways that would almost render our system useless.
No comments:
Post a Comment