Serious Confusing signals from PAP, Vivian saying Govt. not cutting off internet access

[virus]

Not confusing at all. Cut is correct. No cut also correct.

no cut i worry

 

[Annunaki]

Is vivi this gong cheebai expecting me to believe the no internet rules apply to people like him and pinky and the rest of the cheebai million dollars elite civil servants?

 

[eatshitndie]

if you administer a network it's not confusing at all. networks are compartmentalized and segmented using both l2 and l3 vpns going over a common backbone. we have to separate trillions of customer/client flows and sessions on various vrf's from network control and other engineering/oa&m functions on either filter-based or vrf instances. main bulk of syn-based attacks (tcp vulnerability) at billions per hour constantly attempt to penetrate the master database storing sensitive and private data of customers. since most staff rely on ms-os for their work pc's and laptops including outlook email servers, the greatest pain-point for any i.t. or network department in cybersecurity has always been mitigating issues on windows-based os, which goes through patches and preventive downloads to address new threat signatures almost every other week. the loss of productivity in these mandatory patches alone for thousands of employees can easily top 2 hours per employee per bi-weekly. moreover it's not 100% foolproof.

a connected network (with internet access) goes through billions of possible attack attempts an hour and is therefore extremely vulnerable, but a so called "disconnected" network or vpn (intranet with no internet access) also goes through hacking attempts - in this case it's mostly via os patches, upgrades and downloads. yes, a patch to remove a threat can introduce a new vulnerability. a "closed" system is never closed as it requires periodic software patches and upgrades. for some super sensitive networks, only cd upgrades are used to isolate access from outside sources but most sensitive networks today rely on remote software upgrades and provisioning from a centralized server - a reason why most servers today holding confidential data run on linux (not that ms shit) with a lot of customized protection software and network accelerators. not surprising anymore to see extremely sophisticated load balancing with f/w, idp, and dpi sifting through every packet with either asics, fpga's, or gpu's to try to "sterilize" and forward data at wirespeed. to truly avoid the bulk of attacks, own i.t. and network folks need to "customize" and mod their server os from making it too vanilla and easy for determined hackers. if hackers manage to embed codes, sniffer bots and or trojans in the os without being discovered, no amount of zero access to the internet will help.

 

[Bigfuck]

if you administer a network it's not confusing at all...help.

You trying to scare Lee the programmer/developer extraordinaire shitless? "My Diploma in Computer Science last time never got this thingy"



"Was Lee Kuan Yew the wold's richest man?
His 792,000 kilogrammes of platinum are worth approximately US$35,640,000,000!!!"
<http://www.yeocheowtong.com/Salaries.html>

 

[Papsmearer]

WP and SDP manifesto in the next election will include "free the internet".

They have a better chance of winning with a Manifesto that promotes bra burning and "free the nipple"

 

[Papsmearer]

Not confusing at all. Cut is correct. No cut also correct.

I think the PAP should just cut their lancheows.

 

[Leongsam]

if you administer a network it's not confusing at all. networks are compartmentalized and segmented using both l2 and l3 vpns going over a common backbone. we have to separate trillions of customer/client flows and sessions on various vrf's from network control and other engineering/oa&m functions on either filter-based or vrf instances. main bulk of syn-based attacks (tcp vulnerability) at billions per hour constantly attempt to penetrate the master database storing sensitive and private data of customers. since most staff rely on ms-os for their work pc's and laptops including outlook email servers, the greatest pain-point for any i.t. or network department in cybersecurity has always been mitigating issues on windows-based os, which goes through patches and preventive downloads to address new threat signatures almost every other week. the loss of productivity in these mandatory patches alone for thousands of employees can easily top 2 hours per employee per bi-weekly. moreover it's not 100% foolproof.

a connected network (with internet access) goes through billions of possible attack attempts an hour and is therefore extremely vulnerable, but a so called "disconnected" network or vpn (intranet with no internet access) also goes through hacking attempts - in this case it's mostly via os patches, upgrades and downloads. yes, a patch to remove a threat can introduce a new vulnerability. a "closed" system is never closed as it requires periodic software patches and upgrades. for some super sensitive networks, only cd upgrades are used to isolate access from outside sources but most sensitive networks today rely on remote software upgrades and provisioning from a centralized server - a reason why most servers today holding confidential data run on linux (not that ms shit) with a lot of customized protection software and network accelerators. not surprising anymore to see extremely sophisticated load balancing with f/w, idp, and dpi sifting through every packet with either asics, fpga's, or gpu's to try to "sterilize" and forward data at wirespeed. to truly avoid the bulk of attacks, own i.t. and network folks need to "customize" and mod their server os from making it too vanilla and easy for determined hackers. if hackers manage to embed codes, sniffer bots and or trojans in the os without being discovered, no amount of zero access to the internet will help.

The average samster eg papsmearer is a dimwit. He can't even understand my simplified explanation and you expect him to understand what you wrote?

And those that lambast the IT skills of the network administrators for being unable to secure the network don't understand shit either because the vulnerabilities have nothing to do with the admins.

 

[Thick Face Black Heart]

The average samster eg papsmearer is a dimwit. He can't even understand my simplified explanation and you expect him to understand what you wrote?

And those that lambast the IT skills of the network administrators for being unable to secure the network don't understand shit either because the vulnerabilities have nothing to do with the admins.

I am in absolute agreement with you. However you have neglected to consider that IDA bungled their press release badly, and miscommunication from govt officials resulted in confusion in the general public. They don't seem to know what they are talking about and it is worrisome that tech-illiterate people are in charge of handling the nation's net connectivity.

 

[Leongsam]

I am in absolute agreement with you. However you have neglected to consider that IDA bungled their press release badly, and miscommunication from govt officials resulted in confusion in the general public. They don't seem to know what they are talking about and it is worrisome that tech-illiterate people are in charge of handling the nation's net connectivity.

I honestly don't understand why a press release was needed in the first place.

How a network is configured is an internal matter of the organisation concerned. If internet access is going to be moved to a separate network all that is needed is an office memo informing staff of any impending changes.

 

[winnipegjets]

More money to be spent on IT. Every civil servants will now have two computers ...one that access only government networks and the others for everything else. Productivity will definitely be very 'good'!

More civil servants will be needed consequently.

 

[eatshitndie]

I honestly don't understand why a press release was needed in the first place.

How a network is configured is an internal matter of the organisation concerned. If internet access is going to be moved to a separate network all that is needed is an office memo informing staff of any impending changes.

yup, it's better to keep any gobbledygook away from the public as more of it will confuse the average beng, trip themselves up, and attract unnecessary attention from the worldwide hacker community. it will just bring more hacking attempts from the main perpetrators and those not even involved previously to try their skills out of curiosity and a bold challenge.

they should have simply stated the following to staff without any need to go into technical details:
"effective from january 1 next year, a new network scheme will be implemented. we will provide further instructions relevant to your role and work assignments over the next 6 months."

 

[Leongsam]

More money to be spent on IT. Every civil servants will now have two computers ...one that access only government networks and the others for everything else. Productivity will definitely be very 'good'!

More civil servants will be needed consequently.

Hardware is dirt cheap. The savings achieved from detaching the government network from the internet will pay for the extra hardware 10 times over.

I currently spend at least USD200 every month to my tech guy to keep my servers as secure as possible. Patching is almost a weekly affair and very often seemingly innocuous features contain gaping security holes which need to be plugged asap.

Even something as simple as an image uploader can be used for injecting malicious code that can compromise the whole server and not just the forum.

 

[Brightkid]

More money to be spent on IT. Every civil servants will now have two computers ...one that access only government networks and the others for everything else. Productivity will definitely be very 'good'!

More civil servants will be needed consequently.

Now, this is going to be interesting part, and probably the geeze of the entire new policy.

Buy more hardware and software! When POs starts to flow, money flows too.

 

[Leongsam]

Buy more hardware and software! When POs starts to flow, money flows too.

Please elaborate why more software POs will be required.

 

[tanwahtiu]

if Google, the might search engine, used by 1 billion people a day can find ways to secure their biz, old fart lee junior with billions of dollars tax payers CPF money cannot fix bugs problems then the true incompetent leadership of him has surfaced.

if you administer a network it's not confusing at all. networks are compartmentalized and segmented using both l2 and l3 vpns going over a common backbone. we have to separate trillions of customer/client flows and sessions on various vrf's from network control and other engineering/oa&m functions on either filter-based or vrf instances. main bulk of syn-based attacks (tcp vulnerability) at billions per hour constantly attempt to penetrate the master database storing sensitive and private data of customers. since most staff rely on ms-os for their work pc's and laptops including outlook email servers, the greatest pain-point for any i.t. or network department in cybersecurity has always been mitigating issues on windows-based os, which goes through patches and preventive downloads to address new threat signatures almost every other week. the loss of productivity in these mandatory patches alone for thousands of employees can easily top 2 hours per employee per bi-weekly. moreover it's not 100% foolproof.

a connected network (with internet access) goes through billions of possible attack attempts an hour and is therefore extremely vulnerable, but a so called "disconnected" network or vpn (intranet with no internet access) also goes through hacking attempts - in this case it's mostly via os patches, upgrades and downloads. yes, a patch to remove a threat can introduce a new vulnerability. a "closed" system is never closed as it requires periodic software patches and upgrades. for some super sensitive networks, only cd upgrades are used to isolate access from outside sources but most sensitive networks today rely on remote software upgrades and provisioning from a centralized server - a reason why most servers today holding confidential data run on linux (not that ms shit) with a lot of customized protection software and network accelerators. not surprising anymore to see extremely sophisticated load balancing with f/w, idp, and dpi sifting through every packet with either asics, fpga's, or gpu's to try to "sterilize" and forward data at wirespeed. to truly avoid the bulk of attacks, own i.t. and network folks need to "customize" and mod their server os from making it too vanilla and easy for determined hackers. if hackers manage to embed codes, sniffer bots and or trojans in the os without being discovered, no amount of zero access to the internet will help.

 

[tanwahtiu]

go back the old ways upload/ download through servers, refresh every time upload/down to servers.

ban httprequest code.



the client-side JavaScript codes to PC are malicious virus codes that infect the PC.

Hardware is dirt cheap. The savings achieved from detaching the government network from the internet will pay for the extra hardware 10 times over.

I currently spend at least USD200 every month to my tech guy to keep my servers as secure as possible. Patching is almost a weekly affair and very often seemingly innocuous features contain gaping security holes which need to be plugged asap.

Even something as simple as an image uploader can be used for injecting malicious code that can compromise the whole server and not just the forum.

 

[Brightkid]

Please elaborate why more software POs will be required.

Oh, I thought each additional PC will need at least a license of microshit Office. And each license need to be bought. No? This probably the bare minimum.

Either government can use pirated copies without need to pay, or they buy option of each computer to come with a monkey inside doing all the scripting, spreadsheets and charts?

 

[Leongsam]

if Google, the might search engine, used by 1 billion people a day can find ways to secure their biz, old fart lee junior with billions of dollars tax payers CPF money cannot fix bugs problems then the true incompetent leadership of him has surfaced.

Google by its very nature has to be online and accessible to everyone. That's what they are in business for. They therefore throw massive amounts of resources into securing the network and even then it is not 100% secure.

However, the sensitive information that is held by the Singapore government does not need to be connected to the web in real time. It is therefor far more cost effective and efficient to isolate it from the rest of the www as far as possible.

 

[Leongsam]

Oh, I thought each additional PC will need at least a license of microshit Office. And each license need to be bought. No? This probably the bare minimum.

Either government can use pirated copies without need to pay, or they buy option of each computer to come with a monkey inside doing all the scripting, spreadsheets and charts?

Large corporations and government entities do bulk licensing. They pay a fixed price and that's it.

 

[tanwahtiu]

best option is go back to the past send sensitive document by postal services.

all Pommies industrial revolution technology come to nought.

angmoh Ericson re-creating light and electricity to computer it is a waste of time. fuck the angmoh invention.

Google by its very nature has to be online and accessible to everyone. That's what they are in business for. They therefore throw massive amounts of resources into securing the network and even then it is not 100% secure.

However, the sensitive information that is held by the Singapore government does not need to be connected to the web in real time. It is therefor far more cost effective and efficient to isolate it from the rest of the www as far as possible.