High school graduation exam website: increased security

TTO - The website http://thisinh.thithptquocgia.edu.vn/ managing the national high school graduation exam has been put into operation to support candidates with information related to the exam and admission wishes.

The website has a function that allows candidates to manage their exams from registration to viewing exam results, considering recognition of high school graduation, and considering university and college admissions.

Therefore, ensuring the website operates smoothly and securely is extremely important because even a small incident can affect millions of candidates. Tuoi Tre once expressed the opinion of a cybersecurity expert about the challenges when the website officially goes into operation.

We continue to discuss with the website builder and operator - IT Solutions Center - Viettel Telecom - to provide more information to readers.

Absolutely safe?

Mr. Duong Cong Duc, Deputy Director of Viettel IT - Telecommunications Solutions Center, said that the software is divided into two access areas (for candidates and for management levels including reception points, examination clusters, departments, and ministries) to share the load and avoid affecting each other's work areas.

With candidate partitioning, the system can accommodate a large number of candidates logging in at the same time and is ready to upgrade to respond when there are signs of an increase in the number of users.

National high school exam website login interface. - Photo: D. Thien screenshot

The system is designed with separate layers (application layer and database layer), separate partitions (area for candidates and area for management levels), ensuring load sharing and system security, when one area has a problem, it will not affect the remaining areas. The area for candidates is designed with many virtual servers, ensuring absolute security. (!?)

Regarding technical operations, Viettel has invested in four firewall systems, four load balancing systems, four switching systems and 40 high-configuration physical servers; the software has a solution to ensure good security (using VPN virtual private network solution to authenticate accounts).

Regarding technical monitoring and support, Viettel said they have a 24/7 support network with a wide coverage across the country, ensuring a stable and smooth system, serving all participants in the system.

Should anticipate the incident

According to cybersecurity experts, this is a very important website so it is inevitable that it will be attacked, and there will even be targeted attacks to change, modify information, notifications...

Security expert Tran Quang Chien, director of VNIST Corp, pointed out some security possibilities that the above website may encounter such as: hackers attacking and exploiting vulnerabilities in the system to steal personal information of candidates; hackers attacking and changing content (editing information, editing scores, changing notifications for candidates...); especially, the website may be attacked by DDOS, disrupting the registration process and viewing information of candidates.

Therefore, according to Mr. Chien, website developers need to have a testing process, security assessment before putting it into use, and at the same time conduct cyber security incident drills to have solutions in case of bad situations.

In addition, the system must be invested in infrastructure (servers, bandwidth, network...) to combat large-scale DDoS attacks; there must be 24/7 network security monitoring systems to detect incidents and cyber attacks as soon as possible; there must be 24/7 support information channels for candidates in case of account loss...

On the user side, candidates also need to protect themselves from fake websites (websites with interfaces and functions similar to the Ministry of Education and Training's website system, these websites aim to collect candidate information), because many candidates do not have much access to computers and the Internet.