Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-ihis-measures-prevent-online-threats-10887424
Very happy that almost 100% of my recommendations to safeguard against "State sponsored Advanced Persistent Threat" to protect SingHealth IT infrastructure are implemented.
This will make SingHealth IT infrastructure safer, able to detect any attack early and respond faster.
Clap Clap Clap Clap Clap ----- so indeed the Government does read social media postings for good recommendations and proposals!
Keep it up!
In a media release on Thursday (Nov 1), IHiS outlined the measures which include two-factor authentication for local administrators, complex passwords managed centrally as well as added training for the security team to boost their understanding of advanced hacker tools.
---
Posted on:- 20 Jul 2018
Ricky Lim
4. 2FA authentication for administrators is to be installed for login before allowing management of network devices, software and databases. Hackers may be able to steal the admin ID and password, but without 2FA, hackers cannot administer and manage network devices, edit software or access data in the database.
This includes expediting the planned implementation of Client Advanced Threat Protection (ATP), a security solution which, according to IHiS, blocks threats based on exploit techniques and sophisticated malware used by advanced threat actors.
---
Posted on:- 20 Jul 2018
Ricky Lim
3. APT (advanced persistent threat) protection, or maybe DLP (data loss protection), can be put in place to filter known, unknown and zero-day attacks, provide virtual patching, and sandbox unknown but anomalous threats.
IHiS added that it has implemented Temporary Internet Surfing Separation (ISS) across the public healthcare sector earlier as a precaution.
This means computers that are connected to the internal networks and systems cannot be used to access the Internet. To access the Internet, healthcare staff will need to use separate terminals which are not connected to internal networks and systems.
--
Posted on:- 20 Jul 2018
Ricky Lim
Protecting IT resources to minimise hacking is not that scary.
1. IT design that segregates back-end OOB (out-of-band) management from the front-end Internet-facing (in-band) network will definitely minimise Internet hacking attacks of such scale. The reason being, the front end (in-band) is Internet-facing, and the out-of-band (back end) is segregated from the front end (in-band); when hackers attack from the front end (in-band), they cannot get into the back end (out-of-band), as the front-end network is separated from the back-end network. Breaching the front end may get access to one or at most a few transactions, but will not be able to do a mass copy of data using a back-end admin with powerful rights.
Ricky Lim
Most important, ensure that the in-band (front-end) network is not routable to the out-of-band (back-end) network.
Ensure this mistake is not made, or else even Buddha cannot protect you.....
“An expanded suite of managed security services will be implemented via the Advanced Security Operations Centre, including proactive threat hunting, threat intelligence, response services, and more,” said IHiS.
Meanwhile, to further prevent the use of weak passwords, IHiS is enhancing the access management capability to manage complex passwords centrally, and automatically update and protect administrator accounts, the agency added.
“The access management will be boosted with threat analytics to provide earlier detection of suspicious account activities by applying a combination of statistical modelling, machine learning, as well as behaviour analytics to identify unusual activities, and respond faster to threats,” said IHiS.
---
Posted on:- 20 Jul 2018
Ricky Lim
2. Proactive security incident and event management of all critical information infrastructure using SIEMs, whereby online real-time monitoring will trigger alarms and alerts the moment stealth hacking occurs. Even stealth reconnaissance, the beginning of hacking by probing through network discovery, TCP port scanning, ICMP ping, traceroute etc., will be picked up.
Additionally, to secure the network against unpatched equipment, the access control will be enhanced to allow only authorised devices that are patched with the updated anti-virus and anti-malware signatures to join the network.
--
This is a security posture assessment, whereby upon login:
(1) anti-virus posture is checked
(2) OS patch level is checked
(3) firewall is checked
--- if any check fails, the device is thrown into a quarantine VLAN for update to the latest security posture;
- if all pass, then access is allowed.
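An added illustration, not code from IHiS or from the post, of the posture decision described above: each device's anti-virus signature age, OS patch level and host firewall state are checked, and a failing device is assigned the quarantine VLAN with the reasons recorded. The baselines, VLAN numbers and device fields are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed baselines and VLAN numbers (constructed for illustration, not IHiS values).
MAX_AV_SIGNATURE_AGE = timedelta(days=3)    # signatures older than this fail check (1)
REQUIRED_PATCH_LEVEL = {"windows-10": 20181001, "ubuntu-18.04": 20180920}
PRODUCTION_VLAN = 100
QUARANTINE_VLAN = 999

@dataclass
class DevicePosture:
    hostname: str
    os_name: str
    patch_level: int            # date-stamped build, e.g. 20181001
    av_signature_date: date
    firewall_enabled: bool

@dataclass
class Decision:
    vlan: int
    failed_checks: list = field(default_factory=list)

def assess_posture(dev: DevicePosture, today: date) -> Decision:
    """Return the VLAN the device is placed in and the checks it failed."""
    failed = []
    # (1) anti-virus posture: signatures must be recent
    if today - dev.av_signature_date > MAX_AV_SIGNATURE_AGE:
        failed.append("av-signatures-stale")
    # (2) OS patch level must meet the baseline; an unknown OS fails closed
    required = REQUIRED_PATCH_LEVEL.get(dev.os_name)
    if required is None or dev.patch_level < required:
        failed.append("os-patch-below-baseline")
    # (3) host firewall must be enabled
    if not dev.firewall_enabled:
        failed.append("host-firewall-off")
    # any failure -> quarantine VLAN for remediation; all pass -> production VLAN
    vlan = QUARANTINE_VLAN if failed else PRODUCTION_VLAN
    return Decision(vlan, failed)
```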
The National Electronic Health Record system is also being reviewed and tested by GovTech and the Cyber Security Agency of Singapore, as well as by PricewaterhouseCoopers (PwC), an independent IT consultant.
---
These are:
Penetration testing.
Vulnerability scanning.
--- to detect any security vulnerability.
=======================================================================
Posted on:- 20 Jul 2018
Ricky Lim
"Recommending ways to better protect SingHealth’s patient database system against similar attacks, and suggesting measures to reduce the risk of such cybersecurity attacks on public sector IT systems."
---
PROTECTION OF PUBLIC WEB SERVICE AND WEB ACCESS
Posted on:- 20 Jul 2018
Ricky Lim
Protecting IT resources to minimise hacking is not that scary.
1. IT design that segregates back-end OOB (out-of-band) management from the front-end Internet-facing (in-band) network will definitely minimise Internet hacking attacks of such scale. The reason being, the front end (in-band) is Internet-facing, and the out-of-band (back end) is segregated from the front end (in-band); when hackers attack from the front end (in-band), they cannot get into the back end (out-of-band), as the front-end network is separated from the back-end network. Breaching the front end may get access to one or at most a few transactions, but will not be able to do a mass copy of data using a back-end admin with powerful rights.
2. Proactive security incident and event management of all critical information infrastructure using SIEMs, whereby online real-time monitoring will trigger alarms and alerts the moment stealth hacking occurs. Even stealth reconnaissance, the beginning of hacking by probing through network discovery, TCP port scanning, ICMP ping, traceroute etc., will be picked up.
3. APT (advanced persistent threat) protection, or maybe DLP (data loss protection), can be put in place to filter known, unknown and zero-day attacks, provide virtual patching, and sandbox unknown but anomalous threats.
4. 2FA authentication for administrators is to be installed for login before allowing management of network devices, software and databases. Hackers may be able to steal the admin ID and password, but without 2FA, hackers cannot administer and manage network devices, edit software or access data in the database.
5. Remove all remote access by hardening and removing or shutting down all remote access capability to all network devices, software and databases. Lock down and identify dedicated jump hosts to administer all network devices, software and databases from a local-access workstation or virtual machine that is securely protected. Any other workstation that is not identified as a jump host for administration is not allowed to manage and administer supervisor functions over the network devices, software and databases. Remote management must be disallowed. By doing so, a hacker compromising a weak front-end workstation will not be able to mass-copy the database, as it is not a dedicated jump host and will not be allowed to do so; also, a security alarm and alert will be triggered via SMS and email to the administrator, who can quickly respond to the hacking.
6. Encryption of data storage, encryption key management and encryption of the database may be required. This ensures that even when the data is mass-copied by the hackers, the data is encrypted and the hackers will have a hard time decrypting it.
The above measures are recommended on top of and above the below:
(Assuming that all traditional security measures are put in place, like firewall, segregation of web, apps and database, network IPS, host IPS, WAF (web application firewall), VPN IPsec, digital certs, encryption, authentication, directory service, desktop security features like personal firewall, anti-virus, latest security patches etc., and that security posture assessment such as BYOD, port authentication, secure shell for admin management, SSL etc. have been put in place).
All these will prevent the SingHealth APT hacking.
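An added example, not code from the post or from IHiS, of the kind of SIEM correlation rule point 2 describes: it parses constructed firewall log lines and raises an alert when one source probes many host:port targets or ping-sweeps many hosts within a sliding time window. The log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style firewall lines (not real SingHealth data): one source
# probes 12 ports on one host, then ping-sweeps six hosts; another host is benign.
SAMPLE_LOGS = [
    f"2018-07-20T02:14:{s:02d} fw01 DENY proto=tcp src=10.8.5.23 dst=10.20.1.10 dport={p}"
    for s, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389])
] + [
    f"2018-07-20T02:15:{s:02d} fw01 DENY proto=icmp src=10.8.5.23 dst=10.20.1.{h} type=8"
    for s, h in enumerate(range(11, 17))
] + [
    "2018-07-20T02:16:30 fw01 ALLOW proto=tcp src=10.8.7.40 dst=10.20.1.10 dport=443",
    "2018-07-20T02:16:31 fw01 ALLOW proto=tcp src=10.8.7.40 dst=10.20.1.10 dport=443",
]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?:DENY|ALLOW) proto=(?P<proto>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+)(?: dport=(?P<dport>\d+))?(?: type=(?P<type>\d+))?"
)
# Assumed tuning values: window length and how many distinct targets count as recon.
WINDOW = timedelta(seconds=60)
PORT_SCAN_MIN_TARGETS = 10   # distinct host:port targets from one source
PING_SWEEP_MIN_HOSTS = 5     # distinct hosts echo-requested by one source

def detect_recon(lines):
    """Return sorted (alert_type, source_ip) pairs found in the log lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparsable line: skip, never crash the rule
        ts = datetime.fromisoformat(m["ts"])
        if m["proto"] == "tcp" and m["dport"]:
            events.append((ts, m["src"], "port", (m["dst"], m["dport"])))
        elif m["proto"] == "icmp" and m["type"] == "8":   # ICMP echo request
            events.append((ts, m["src"], "ping", m["dst"]))
    events.sort(key=lambda e: e[0])
    windows = defaultdict(deque)          # (src, kind) -> recent (ts, target) entries
    alerts = set()
    for ts, src, kind, key in events:
        q = windows[(src, kind)]
        q.append((ts, key))
        while ts - q[0][0] > WINDOW:      # drop entries outside the sliding window
            q.popleft()
        distinct = len({k for _, k in q})
        if kind == "port" and distinct >= PORT_SCAN_MIN_TARGETS:
            alerts.add(("port-scan", src))
        if kind == "ping" and distinct >= PING_SWEEP_MIN_HOSTS:
            alerts.add(("ping-sweep", src))
    return sorted(alerts)
```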
Ricky Lim
Most important, ensure that the in-band (front-end) network is not routable to the out-of-band (back-end) network.
Ensure this mistake is not made, or else even Buddha cannot protect you.....