Not confusing at all. Cut is correct. No cut also correct.
no cut i worry
Not confusing at all. Cut is correct. No cut also correct.
You trying to scare Lee the programmer/developer extraordinaire shitless? "My Diploma in Computer Science last time never got this thingy"if you administer a network it's not confusing at all...help.
WP and SDP manifesto in the next election will include "free the internet".
Not confusing at all. Cut is correct. No cut also correct.
if you administer a network it's not confusing at all. networks are compartmentalized and segmented using both l2 and l3 vpns going over a common backbone. we have to separate trillions of customer/client flows and sessions on various vrf's from network control and other engineering/oa&m functions on either filter-based or vrf instances. main bulk of syn-based attacks (tcp vulnerability) at billions per hour constantly attempt to penetrate the master database storing sensitive and private data of customers. since most staff rely on ms-os for their work pc's and laptops including outlook email servers, the greatest pain-point for any i.t. or network department in cybersecurity has always been mitigating issues on windows-based os, which goes through patches and preventive downloads to address new threat signatures almost every other week. the loss of productivity in these mandatory patches alone for thousands of employees can easily top 2 hours per employee per bi-weekly. moreover it's not 100% foolproof.
a connected network (with internet access) goes through billions of possible attack attempts an hour and is therefore extremely vulnerable, but a so called "disconnected" network or vpn (intranet with no internet access) also goes through hacking attempts - in this case it's mostly via os patches, upgrades and downloads. yes, a patch to remove a threat can introduce a new vulnerability. a "closed" system is never closed as it requires periodic software patches and upgrades. for some super sensitive networks, only cd upgrades are used to isolate access from outside sources but most sensitive networks today rely on remote software upgrades and provisioning from a centralized server - a reason why most servers today holding confidential data run on linux (not that ms shit) with a lot of customized protection software and network accelerators. not surprising anymore to see extremely sophisticated load balancing with f/w, idp, and dpi sifting through every packet with either asics, fpga's, or gpu's to try to "sterilize" and forward data at wirespeed. to truly avoid the bulk of attacks, own i.t. and network folks need to "customize" and mod their server os from making it too vanilla and easy for determined hackers. if hackers manage to embed codes, sniffer bots and or trojans in the os without being discovered, no amount of zero access to the internet will help.
The average samster eg papsmearer is a dimwit. He can't even understand my simplified explanation and you expect him to understand what you wrote?
And those that lambast the IT skills of the network administrators for being unable to secure the network don't understand shit either because the vulnerabilities have nothing to do with the admins.
I am in absolute agreement with you. However you have neglected to consider that IDA bungled their press release badly, and miscommunication from govt officials resulted in confusion in the general public. They don't seem to know what they are talking about and it is worrisome that tech-illiterate people are in charge of handling the nation's net connectivity.
I honestly don't understand why a press release was needed in the first place.
How a network is configured is an internal matter of the organisation concerned. If internet access is going to be moved to a separate network all that is needed is an office memo informing staff of any impending changes.
More money to be spent on IT. Every civil servants will now have two computers ...one that access only government networks and the others for everything else. Productivity will definitely be very 'good'!
More civil servants will be needed consequently.
More money to be spent on IT. Every civil servants will now have two computers ...one that access only government networks and the others for everything else. Productivity will definitely be very 'good'!
More civil servants will be needed consequently.
Buy more hardware and software! When POs starts to flow, money flows too.
if you administer a network it's not confusing at all. networks are compartmentalized and segmented using both l2 and l3 vpns going over a common backbone. we have to separate trillions of customer/client flows and sessions on various vrf's from network control and other engineering/oa&m functions on either filter-based or vrf instances. main bulk of syn-based attacks (tcp vulnerability) at billions per hour constantly attempt to penetrate the master database storing sensitive and private data of customers. since most staff rely on ms-os for their work pc's and laptops including outlook email servers, the greatest pain-point for any i.t. or network department in cybersecurity has always been mitigating issues on windows-based os, which goes through patches and preventive downloads to address new threat signatures almost every other week. the loss of productivity in these mandatory patches alone for thousands of employees can easily top 2 hours per employee per bi-weekly. moreover it's not 100% foolproof.
a connected network (with internet access) goes through billions of possible attack attempts an hour and is therefore extremely vulnerable, but a so called "disconnected" network or vpn (intranet with no internet access) also goes through hacking attempts - in this case it's mostly via os patches, upgrades and downloads. yes, a patch to remove a threat can introduce a new vulnerability. a "closed" system is never closed as it requires periodic software patches and upgrades. for some super sensitive networks, only cd upgrades are used to isolate access from outside sources but most sensitive networks today rely on remote software upgrades and provisioning from a centralized server - a reason why most servers today holding confidential data run on linux (not that ms shit) with a lot of customized protection software and network accelerators. not surprising anymore to see extremely sophisticated load balancing with f/w, idp, and dpi sifting through every packet with either asics, fpga's, or gpu's to try to "sterilize" and forward data at wirespeed. to truly avoid the bulk of attacks, own i.t. and network folks need to "customize" and mod their server os from making it too vanilla and easy for determined hackers. if hackers manage to embed codes, sniffer bots and or trojans in the os without being discovered, no amount of zero access to the internet will help.
Hardware is dirt cheap. The savings achieved from detaching the government network from the internet will pay for the extra hardware 10 times over.
I currently spend at least USD200 every month to my tech guy to keep my servers as secure as possible. Patching is almost a weekly affair and very often seemingly innocuous features contain gaping security holes which need to be plugged asap.
Even something as simple as an image uploader can be used for injecting malicious code that can compromise the whole server and not just the forum.
Please elaborate why more software POs will be required.
if Google, the might search engine, used by 1 billion people a day can find ways to secure their biz, old fart lee junior with billions of dollars tax payers CPF money cannot fix bugs problems then the true incompetent leadership of him has surfaced.
Oh, I thought each additional PC will need at least a license of microshit Office. And each license need to be bought. No? This probably the bare minimum.
Either government can use pirated copies without need to pay, or they buy option of each computer to come with a monkey inside doing all the scripting, spreadsheets and charts?
Google by its very nature has to be online and accessible to everyone. That's what they are in business for. They therefore throw massive amounts of resources into securing the network and even then it is not 100% secure.
However, the sensitive information that is held by the Singapore government does not need to be connected to the web in real time. It is therefor far more cost effective and efficient to isolate it from the rest of the www as far as possible.