Tuesday, January 15, 2019

SingHealth cyberattack: IHiS, public healthcare system to see enhanced governance, changes to organisational structure
Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-data-breach-ihis-changes-governance-11125044


Ricky Lim
A “Virtual Browser” will also be piloted this quarter in the National University Health System, allowing users access to the Internet and intranet systems on the same device.
“If we imagine loading a webpage or downloading a file from the Internet to be like receiving a letter, the client server is like a decontamination room where the letter is opened and only a picture is taken and sent to the recipient,” Mr Gan explained. He said the recipient reads the letter only via the picture that was taken, and does not touch the letter itself.
This process makes things safer for the recipient as malicious material or hidden messages are left behind in the decontamination room, he said.
Posted on :- 12 Nov 2018

Ricky Lim
A virtual browser can be a permanent solution to resolve the temporary Internet Surfing Separation (ISS).

A separate physical Internet device need not be procured to run the virtual browser.
The same intranet end device can launch the virtual browser to browse the Internet, without needing a separate Internet device to surf the Internet.
Like · Reply · 1m


Posted on :- 06 Aug 2018 03:17PM (Updated: 06 Aug 2018 03:27PM)

Ricky Lim
He also spoke about the possibility of a virtual browser solution as an alternative to the ISS.
The virtual browser solution will be like the VMware VDI (Virtual Desktop Infrastructure) ThinApp or Citrix thin client, whereby it inherits the following security features :-
(1) It operates with a virtual server.
(2) The virtual server will maintain a golden virtual desktop clone.
(3) When the desktop client logs in to the virtual server, the virtual server will download a virtual desktop clone to the client.
(4) The virtual desktop client comes with its own operating system and web browser, and is logically segregated from the client's physical desktop.
(5) This means that users can make use of the virtual client to browse the internet, but files cannot be saved to the physical desktop client and vice versa.
Thus any attack from the internet via the virtual client will be limited to the virtual client and cannot take over the physical client that connects to the intranet.
(6) When the user logs out from the virtual server, the virtual client will disappear.

This is a safe approach to browsing the internet without physical separation from the internet.
Like · Reply · 1m · Edited

Ricky Lim
This is the same concept of :-
"Physical is Virtual, Virtual is Physical".
Like · Reply · 1m

Ricky Lim
It should be noted that :-
(1) The Virtual Server that dishes out virtual clients to the desktop users should be hosted in a Public DMZ, protected by the following slew of security measures :-
a. Firewall - where the ACL filters inbound and outbound internet traffic, which is restricted to the Public DMZ only and not allowed to enter the Intranet.
b. SSL Decryptor - to decrypt web content to allow for deep packet inspection.
c. APT (Advanced Persistent Threat) - to perform Virtual Patching for zero-day attacks, deep inspection of content, application and user, sandbox detonation for unknown threats, and to flag, display and alert on known threats.
d. Full Web Reverse Proxy, and Forward Proxy.
e. WAF - Web Application Firewall to protect against SQL injection and cross-site scripting.
f. IPS - Intrusion Prevention System to monitor, detect, alert, respond and protect against known and unknown threats.
Like · Reply · 1m
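
An added example, not part of the comment above or of any system the post describes: a Python audit of point (a), checking that a first-match firewall ACL lets nothing from outside the intranet reach it. The address ranges, the `Rule` type and the `intranet_leaks` helper are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

DMZ = "192.0.2.0/24"                           # constructed: virtual browser servers
INTRANET = ipaddress.ip_network("10.0.0.0/8")  # constructed: internal network

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR

def _narrow(a, b):
    """Intersection of two CIDR blocks, which are always nested or disjoint."""
    if not a.overlaps(b):
        return None
    return a if a.subnet_of(b) else b

def intranet_leaks(rules):
    """Indexes of permits that let a non-intranet source reach the intranet
    and are not fully shadowed by an earlier deny (first-match ACL)."""
    leaks = []
    for i, rule in enumerate(rules):
        if rule.action != "permit":
            continue
        src = ipaddress.ip_network(rule.src)
        exposed = _narrow(ipaddress.ip_network(rule.dst), INTRANET)
        if exposed is None or src.subnet_of(INTRANET):
            continue  # never reaches the intranet, or is intranet-internal
        shadowed = any(
            r.action == "deny"
            and src.subnet_of(ipaddress.ip_network(r.src))
            and exposed.subnet_of(ipaddress.ip_network(r.dst))
            for r in rules[:i]
        )
        if not shadowed:
            leaks.append(i)
    return leaks

# Constructed rule sets. The hardened one denies DMZ -> intranet first.
HARDENED = [
    Rule("deny", DMZ, "10.0.0.0/8"),
    Rule("permit", "10.0.0.0/8", DMZ),   # users reach the virtual server
    Rule("permit", DMZ, "0.0.0.0/0"),    # virtual browser reaches the internet
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
WEAK = HARDENED[1:]  # same rules without the leading deny

if __name__ == "__main__":
    print("hardened:", intranet_leaks(HARDENED), "weak:", intranet_leaks(WEAK))
```

In the weak set the "DMZ to anywhere" permit is flagged because its destination also covers the intranet; the explicit deny placed ahead of it in the hardened set is what closes that path.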
