Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part III
Page 78 of 425

of accessing critical servers, including the Citrix servers that were connected to CII, from user workstations using RDP without any restriction imposed.
231. In response to the audit finding, IHiS decided that a combination of hardware and software firewall rules would be used to restrict RDP connections from the end-user segments to the SingHealth servers.
232. The SGH Citrix servers were deployed on a subnet which was not protected by a hardware firewall. Woon Lan has explained that while a hardware firewall was operational since January 2017 where the relevant Citrix servers were sited, the Citrix servers were not placed behind the firewall in view of plans to migrate them to H-Cloud. This was scheduled to be done by the end of FY (i.e. April 2019). The security risk from not placing the servers behind the hardware firewall was recognised by IHiS, and the interim plan was to turn on the software firewalls in the servers.
233. However, software firewall rules to restrict RDP access were not enabled on the SGH Citrix servers either. Lum has explained that this was because the SGH Citrix servers were used to host a wide range of applications, some of which had complex requirements in terms of the ports they needed to access. If the built-in software firewall was enabled, it would be very difficult for staff to configure and manage the ports that had to be allowed in order for the various applications to function. Woon Lan has clarified that she was not aware that the software firewalls were not turned on for the SGH Citrix servers. While there is no written record evincing this, Woon Lan’s evidence is that a decision had been taken around April 2017, further to a discussion between her and Nick Thoo (the IHiS Tower Lead for Network Services at the time), for the software firewalls to be enabled for the SGH Citrix servers. It is not clear whether this decision was communicated to the relevant staff, or if any steps were taken to confirm that the instructions were duly carried out.
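Added example (not part of the COI Report and not IHiS's own tooling): a check of the kind that would confirm whether the two layers described in paragraphs 231 to 233, the hardware firewall and the servers' software firewalls, actually stop RDP from end-user segments. The server names, address ranges and inventory layout are constructed, and the code assumes an enabled firewall denies inbound traffic unless a rule allows it.

```python
import ipaddress
from dataclasses import dataclass, field

RDP_PORT = 3389

@dataclass
class Server:
    name: str
    behind_hw_firewall: bool   # is the hardware firewall in the path to this server?
    hw_rdp_sources: list       # CIDRs the hardware firewall permits on TCP 3389
    host_fw_enabled: bool      # is the software firewall switched on?
    host_rules: list = field(default_factory=list)  # (port, [source CIDRs]) allow rules

def _overlaps(cidrs, segment):
    seg = ipaddress.ip_network(segment)
    return any(ipaddress.ip_network(c).overlaps(seg) for c in cidrs)

def rdp_exposure(server, user_segments):
    """Return the end-user segments that can reach this server on RDP.

    Assumption: an enabled firewall at either layer denies inbound traffic
    unless a rule allows it, so a segment is exposed only if BOTH layers pass it.
    """
    host_sources = [c for port, srcs in server.host_rules if port == RDP_PORT for c in srcs]
    exposed = []
    for seg in user_segments:
        hw_pass = not server.behind_hw_firewall or _overlaps(server.hw_rdp_sources, seg)
        host_pass = not server.host_fw_enabled or _overlaps(host_sources, seg)
        if hw_pass and host_pass:
            exposed.append(seg)
    return exposed

def audit(servers, user_segments):
    """Map each non-compliant server to the user segments that can reach it."""
    findings = {s.name: rdp_exposure(s, user_segments) for s in servers}
    return {name: segs for name, segs in findings.items() if segs}

# Constructed inventory: names and address ranges are hypothetical.
USER_SEGMENTS = ["10.20.0.0/16", "10.30.0.0/16"]
SERVERS = [
    Server("citrix-a", False, [], False),                                 # neither layer in place
    Server("citrix-b", False, [], True, [(RDP_PORT, ["10.50.0.0/24"])]),  # host fw: admin subnet only
    Server("db-1", True, ["10.50.0.10/32"], False),                       # hw fw: jump host only
    Server("app-2", True, ["10.20.0.0/16"], True, [(RDP_PORT, ["10.20.5.0/24"])]),
]

if __name__ == "__main__":
    for name, segs in audit(SERVERS, USER_SEGMENTS).items():
        print(f"{name}: RDP reachable from {', '.join(segs)}")
```

Run against an inventory exported from the real firewall and host configurations, a non-empty result is the written record that the restriction was not carried out.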
234. In any case, the fact remains that as at the time of the attack, RDP access from user workstations to the SGH Citrix servers was not restricted by any hardware or software firewall. A person with the necessary account credentials


