When the admin is gone, what about your business continuity?

Maintaining business continuity, i.e. the ability to run the core revenue-generating processes of the company without disruption, is one of the tasks often delegated to the IT department. Because information technology is so deeply involved in business processes, the IT department seems to be the unit best prepared to handle unforeseen situations such as hardware failure, user error or deliberate action by intruders. Is this assumption correct? Unfortunately, not entirely.

Indeed, technology is one of the factors with the greatest impact on the performance of any organization and, at the same time, a factor that fails relatively often. Therefore, when we think about business continuity, the first thing we verify is the set of solutions meant to keep the business operating in the event of failure. These are most often limited to redundancy, i.e. duplicating system components so that operation continues uninterrupted when one of them is damaged. Another category of safeguards is backup systems, which are meant to make the environment immune to data loss caused by failure, user error or deliberate action to our detriment. Both backup systems and high availability (HA) solutions are something without which the IT department could not fulfill its business function. Without them, the first failure would have serious consequences for those responsible for maintaining the ICT environment. Continue ...

Security incident in the protection of personal data

Personal data breach incident - how to handle it?

It is the fifth month since the new regulations on the protection of personal data came into force. The media storm around the GDPR is probably behind us. Slowly, everyone has adapted to the new regulations, completed the documentation, implemented appropriate procedures and is applying them with more or less commitment. However, one of the most frequent dilemmas related to the protection of personal data is the handling of security breach incidents.

Where did the idea for incident handling come from?

Both the old Act on the Protection of Personal Data and the new provisions of the GDPR mention the need to keep a register of incidents and to implement a process for handling them properly. Where do such requirements come from? They are probably derived from the ISO standards, where such a register serves as a control that allows the effectiveness of the information security management system to be monitored and evaluated. The number and frequency of security incidents shows whether our data protection system is effective. It also lets you verify whether the security measures you have introduced are working, i.e. whether they cause the number of incidents to decrease. Continue ...

UpGreat and Palo Alto Networks at Mus Bar in Poznań

Palo Alto Networks

On Thursday, June 28 this year, a dedicated meeting on the technical security issues related to the GDPR will be held at Mous Bar on the 15th floor of the Bałtyk office building in Poznań.

In the pleasant atmosphere of a business breakfast with a view over the whole of Poznań, we will discuss the protection against data leakage and theft offered by Palo Alto Networks (next-generation firewalls and TRAPS):

  • Securing personal data,
  • Data protection against unauthorized access / theft,
  • Reporting on events related to data theft.

Information on the meeting agenda can be found here. Please register using the form on our website.

For more information on the compliance of Palo Alto Networks products with GDPR requirements, see here.

Requirements for IT systems processing personal data

We have just over two weeks until the new regulations on the protection of personal data enter into force. Adopted by the European Parliament in April 2016, the General Data Protection Regulation (GDPR) will come into force on May 25, 2018.
Lawyers are actively supporting their clients in adjusting to the formal requirements of the new regulations. However, preparing appropriate templates of information clauses, consent questions for the processing of personal data, and contracts for entrusting or sharing data is not everything. Alongside the formal and legal activities, it is important to adapt the technical infrastructure to the new reality. And here a question often arises that lawyers are not able to answer: "what requirements must the IT infrastructure meet to be considered compliant with the provisions of the GDPR?" The problem stems from the fact that, unlike the "old" Act on Personal Data Protection, the new regulations do not specify concrete technical requirements. The entire Regulation contains only general conditions relating to the security of the infrastructure. So how do you comply with them? We will try to help you find the answer to this question.

So what are these general requirements? The most relevant to this topic is Article 32 of the GDPR, which specifies that the data controller shall implement appropriate technical measures to ensure a level of security appropriate to the risk. It draws attention, inter alia, to measures such as:

  • Personal data encryption
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • The ability to quickly restore the availability and access to personal data in the event of a physical or technical incident
  • Regularly testing, measuring and evaluating the effectiveness of technical measures to ensure the security of processing

Continue ...

GDPR, the right to be forgotten and backup systems

As you probably already know, on May 25, 2018 new provisions on the protection of personal data enter into force, the so-called GDPR. One of the novelties defined in the regulation is the right of the persons whose data we process to "be forgotten". It is defined in Article 17 of the GDPR, the content of which is as follows:

Art. 17

Right to erasure ("right to be forgotten")
1. The data subject has the right to request that the controller erase his or her personal data without undue delay, and the controller is obliged to erase personal data without undue delay, if one of the following circumstances applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws the consent on which the processing is based in accordance with Art. 6 sec. 1 lit. a) or Art. 9 sec. 2 lit. a), and there is no other legal basis for the processing;
c) the data subject objects to the processing pursuant to Art. 21 paragraph 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 paragraph 2;
d) the personal data have been processed unlawfully;
e) the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;
f) the personal data have been collected in relation to the offering of information society services referred to in Art. 8 sec. 1.

However, the client's request, which seems easy to fulfill, raises some doubts. Backup system administrators point out that deleting a single record of personal data from an archival copy, which is stored on an external medium, sometimes in an external location and Continue ...

Palo Alto update - how and why it is worth doing

Systems implemented to protect IT infrastructure, like any other systems, may be vulnerable to various types of threats. There are many known cases of threats related to, for example, anti-virus software. We can cite here the recent critical remote code execution (RCE) bugs in the Windows Defender service. In 2017 alone, 6 such vulnerabilities were identified, rated 9.3 on the 10-point CVSS scale.

The same applies to devices such as firewalls, UTMs and next-generation firewalls. Among the more publicized mishaps we can cite a hole in the Cisco ASA IPsec service (versions 7.2-9.5): a buffer overflow vulnerability rated 10 on the CVSS scale that could lead to remote code execution.

The end of last year brought, in turn, an equally critical flaw in Palo Alto Networks products. PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier turned out to be vulnerable to remote code execution as root without authentication. Two other critical vulnerabilities in PAN-OS were also identified in 2017.

Considering the above, it is worth taking care of regular updates of your security systems. Below we present a tutorial on how to configure Palo Alto Networks PAN-OS updates.


UpGreat is a partner of the 2nd IT SECURITY FORUM IN ADMINISTRATION

II Forum Bezpieczeństwa IT w Administracji

On October 11-13, 2017, the 2nd IT Security Forum in Administration takes place at the Primavera Conference & Spa hotel in Jastrzębia Góra. It is a nationwide conference addressed to people responsible for cybersecurity in the public sector.

The topics of the Forum include both organizational and technical issues related to protection against external and internal threats. During the meeting, topics such as the following will be discussed:

  • obligations of public entities towards the President of the Data Protection Office under the new Data Protection Act,
  • preparation of data protection documentation in accordance with the requirements of the GDPR,
  • IT systems vulnerability testing,
  • civil liability of administrators under the GDPR,
  • risk analysis as the basis for the implementation of data protection: methods, scope, practice.

At its stand as part of the Forum, our company will present:

  • implementation of network protection solutions based on PaloAlto firewalls and user station protection system using TRAPS software,
  • security and GDPR compliance audits,
  • NetApp arrays as an efficient platform supporting applications and guaranteeing data availability,
  • our proprietary "Plug-In backup" solution built on the basis of Veeam products (data protection in 5 minutes, monthly billing according to the number of virtual machines).

Our participation in the Forum will be complemented by 2 webinars organized after the end of the event:

Report on the participation of UpGreat in the VI Wielkopolski Convention of Informatics - September 21-22, 2017, Hotel 500, Tarnowo Podgórne

A dozen or so days ago, the VI Wielkopolski Convention of IT Specialists and the XXX Local Government IT Club came to an end. Our company once again participated in this event as a Partner and exhibitor.

UpGreat at WKI 2017

At the UpGreat stand, we presented our IT security services:

  • implementation of network protection solutions based on PaloAlto firewalls and user station protection system using TRAPS software,
  • security and GDPR compliance audits,
  • NetApp arrays as an efficient platform supporting applications and guaranteeing data availability,
  • our proprietary "Plug-In backup" solution built on the basis of Veeam products (data protection in 5 minutes, monthly billing according to the number of virtual machines).

The presentations and information materials shown during the seminar can be downloaded from our website:

Additional downloads:

We would like to thank all the people who visited our stand and listened to our presentations. Of course, feel free to contact us!

Report from the technology seminar "Tasty morsels in the HPE menu" of September 19, 2017

We are after the technological meeting "Tasty morsels in the HPE menu", which took place on September 19, 2017 at the Concordia Design conference center in Poznań. During the meeting, some interesting HPE technologies were discussed:

  • HPE VM Explorer and HPE StoreOnce - an alternative to expensive backup solutions. HPE VM Explorer is inexpensive software for data protection in virtual environments (the list price of the Professional version for 4 processors with annual support is PLN 3,417.00 net). According to Gartner, HPE StoreOnce is a leader in deduplication solutions alongside EMC DataDomain. HPE StoreOnce is a virtual or hardware appliance with a capacity from 5.5 TB to 1.7 PB; the nominal deduplication ratio is 20:1.
  • HPE StoreVirtual 3200 - enables the construction of multisite stretched cluster (network RAID). The HPE StoreVirtual 3200 array can be used independently as mass storage or as a network RAID in a configuration extended to two nodes.
  • HPE Synergy 12000 - a new platform for blade servers enabling the construction of composable platforms for applications. The HPE Synergy 12000 is the successor to the blade systems (c7000 chassis).
  • HPE Moonshot - a system enabling the construction of solutions with a large number of servers: high density, many hardware platforms and a very low expansion cost. Possible applications of HPE Moonshot include HDI (hosted desktop infrastructure), virtualization, Hadoop solutions, and efficient image and sound processing. HPE Moonshot will be perfect for a university or a development environment.
  • HPE Apollo - a very efficient server solution ensuring high density of server modules and mass memory at the same time. With the use of HPE Apollo, we can build efficient clusters for a variety of applications, e.g. in design, simulations, financial risk modeling or scientific modeling.
  • HPE 3PAR - we discussed the new version of 3PAR OS 3.3.1 and favorable changes in the licensing of individual functionalities. HPE 3PAR StoreServ is a family of mass storage products dedicated to large enterprises. HPE 3PAR StoreServ enables the construction of efficient multi-node storage solutions ensuring redundancy and load balancing.

Our audience.

Below are the presentations and materials from the seminar:

Additional information:

We would like to thank everyone present for their time and invite you to contact our Sales Department!

Technology seminar "Tasty morsels in the HPE menu"

The HPE offer includes several new products and opportunities that we decided to present to you at a technology meeting that we organize together with HPE Polska.

Below we present our subjective choice:

  • An alternative backup solution at a very good price: HPE VM Explorer + deduplication from HPE StoreOnce (an alternative to Veeam).
  • An inexpensive multisite stretched cluster (network RAID) using the HPE StoreVirtual 3200 array.
  • The successor of blade servers - HPE Synergy 12000 (especially interesting for owners of blade systems, lots of news).
  • Enormous possibilities with HPE Moonshot and HPE Apollo servers (highly scalable, high-density modular computers).
  • News in the HPE 3PAR world - additional functionalities, favorable licensing changes.

Our free seminar will be held on Tuesday, September 19 at the Concordia Design conference center in Poznań at 3 Zwierzyniecka Street. Apart from interesting topics and the gifts we will distribute among the participants, the proximity of the newly opened "Bałtyk" Business Center will be an additional attraction :o)

Information on the meeting agenda can be found here. Please register using the form on our website.