How does the NTP protect against credentials theft?
How does the NTP protect against hackers and intruders, and defend against denial-of-service (DoS) attacks?
- We employ defense-in-depth, raising the barriers for attackers by implementing every applicable controls in CIS Top 20 Critical Security Controls.
- We run the NTP with high redundancy across multiple data centres, and behind the shield of cloud-based DoS protection.
- We encrypt data in transit between Value-Added Services (VAS) and the NTP and between data centres, and we encrypt data at rest in data stores.
If I connect to the NTP, can I still comply to regulatory requirements, such as Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) and Payment Card Industry Data Security Standard (PCI DSS)?
You will be issued with Application Programming Interface (API) keys and private keys that will be used by your applications to authenticate to the NTP API server. It is your responsibility to securely store and use the API keys and private keys.
The NTP does not store the private keys; The NTP only stores the public keys used for verifying the digital signature sent during authentication.
Additionally, you are required to use Hypertext Transfer Protocol Secure (HTTPS) to guard against someone sniffing out for your API keys when your applications connect to the NTP.
The NTP employs state-of-the-art technology, best practices, and security engineers working round the clock to spot and respond to threats early. We get better with each incident and we continuously update our technology, processes and people to keep pace with evolving threats.
Here are some ways we ensure security:
The NTP is built to strict security requirements to comply to whole-of-government security policies as well as Personal Data Protection Act (PDPA). We also align our technology, process and people to industry standard - ISO-27001-2013.
To help you comply with the regulatory requirements relevant to your industry, our implementation team will work closely with you to ensure that your applications can connect securely to the NTP and your data is protected in the NTP data centres.
You may want to...
Get in touch with NTP or Customs’ call centre if you are facing technical difficulties or would like to speak to someone.