We finished in early July series of workshops introducing our clients to IT security issues. There were four meetings devoted to the following topics:

• Penetration tests (reconnaissance, scanning, enumeration, metasploit, password cracking, wifi analysis),
• Social engineering tests (backdoors, delivering malware, avoiding detection by antiviruses),
• Web application tests (password cracking, SQL injecting, BurpSuite scanning),
• Risk analysis and protection of personal data in the context of GDPR.

In total, about 40 people visited us during the workshops. More people were interested, but due to the capacity of our conference room, we could not register all of them

Our experience gained so far during security audits and system tests shows that the security solutions used in enterprises do not correspond to rapidly changing threats, and one of the most effective and, at the same time, the most neglected security measures for IT systems is training and a continuous process of improving employee competences. It should be noted that training should be periodic and be oriented towards updating knowledge in line with emerging threats.

I am pleased to inform you that our autumn safety workshop proposals for you are very interesting. You will of course be informed about the dates. The topics presented include new generation firewalls operating on the application layer, protection of workstations with the use of behavioral analysis, issues of backup as a service and outsourcing of services related to security.

Using the links below, you can read the materials from our workshops:

• Ethical hacker workshop,
• GDPR workshops - risk analysis,
• assets - risk analysis.

We would like to thank all participants for their time and feel free to contact us.

In recent days, some companies have experienced a ransomware attack WannaCry. More than 200,000 computers in over 100 countries have been infected. Antivirus protection and user training are not always effective with this type of software. For this reason, an efficient solution for managing data backups (backup) is an effective supplement to data protection methods.

We invite you to a workshop on EMC Avamar - the best workstation and server backup solution on the market, which will take place on June 8 this year at our company's headquarters in Poznań at 22 Ostrobramska Street.

The distinctive features of EMC Avamar are:
- backup of physical and virtual environments,
- backup of servers, workstations and databases (MS-SQL, Oracle, DB2),
- the best data deduplication ratio on the market (many times better than in the case of veeam Backup & Replication),
- efficient deduplication "on the source side",
- efficient work in a wide area network - effective use of the available band,
- data recovery also available to users,
- reconstruction of single and whole machines (also "bare metal"),
- intuitive user interface,
- very favorable licensing.

EMC Avamar is available as a complete hardware appliance containing the necessary disk resources and as a virtual appliance. EMC Avamar can be complemented by EMC DataDomain - an efficient, hardware data deduplicator.

During our workshops, we will discuss in detail the technical aspects of EMC Avamar's operation and show the solution in action. After the workshop is over, you will have the option of renting the device and testing your environment.

The workshop is free of charge.

To register your participation in the meeting, please use form on our website.

We cordially invite you and see you!

Ladies and gentlemen,

IT system security issues are of interest not only to institutions such as banks, energy companies and government administration. The problem affects all companies, regardless of their size, on a daily basis, including many of our clients. According to the report entitled "Business protection in digital transformation or 4 steps to a safer company" recently published by PwC Polska, as many as 96% companies experienced over 50 security incidents in the last year. Due to the growing integration of production systems with IT systems, threats also apply to the continuity of production.

According to our experience, the most common (realized) manifestation of cybercriminals' activity among our clients are the effects of ransomware in order to obtain a ransom. We wrote about the spectacular amounts of ransom in an article on our blog. In this context, it is also worth considering attacks on production systems (OT) such as production lines, industrial automation, and warehouses. In this case, you can also expect interest from cybercriminals - they can count on a large ransom for withdrawing from the attack, since in some companies known to us the costs of stopping and restarting production are counted in millions of zlotys.

In order to meet the expectations of our clients and to make them aware of the scale of the threats, we decided to organize a series of 4 workshops during which we will show how and how easy it is to threaten our IT and OT systems. Below you will find the dates and agendas of individual meetings. The meetings will be held at our company's headquarters in Poznań at 22 Ostrobramska Street. The duration of each workshop is 4 hours, and participation is free of charge.

During meetings 1, 2 and 3, please have a computer with a virtual machine with the KALI Linux distribution with you, the installation version of which can be downloaded using of this link.

Workshop 1 - Introduction to Penetration Testing - April 25, 2017

Topics:
- information reconnaissance,
- scanning and enumeration,
- brute force and dictionary attacks on passwords,
- attacks on WLAN networks.

To register for the workshop on April 25, 2017, please use registration form.

Workshop 2 - Penetration Testing and Social Engineering - May 16, 2017

Topics:
- metasploit,
- social engineering toolkit,
- generating backdoors,
- C&C servers.

To register for the workshop on May 16, 2017 please use registration form.

Workshop 3 - Web Application Penetration Testing - May 30, 2017

Topics:
- structure of web applications (languages, frameworks, web servers),
- introduction to SQL,
- vulnerability scanning,
- sql-injection and CSS attacks.

To register for the workshop on May 30, 2017, please use registration form.

Workshop 4 - General Data Protection Regulation (May 4, 2016, Official Journal of the European Union) - moved to July 4, 2017

Topics:
- uniform rules throughout the European Union,
- new obligations of the Data Protection Officer,
- risk analysis - methodologies and examples,
- severe penalties.

To register for the workshop on June 20, 2017 please use registration form.

You're welcome!

On April 6-7, 2017, at the Molo Hotel in Smardzewo on the Sulejowski Reservoir, the event will take place VI Convention of Informatics employed in public administration. The conference is aimed at representatives of public institutions responsible for computerization of their units. During the meeting, there will be a series of presentations devoted to, inter alia, e-services in public administration, medical records management and cloud services.

Our company is a partner of the convention alongside such companies as Microsoft, Samsung, Ever, Kyocera.

On the second day of the convention, Jakub Staśkiewicz, a security consultant in our company, will lead presentation entitled "Data leakage - how not to manage security incidents". During the demonstration, we will discuss in detail one of the cases of vulnerability to cyber threats detected by us in an organization providing services on the Internet.

During the entire convention, we also invite you to our stand, where you will be able to talk and consult related to the broadly understood information security. In addition to services like security audits, KRI audits, security policies and training, we also offer SOC (Security Operations Center) services, i.e. outsourcing of security management services.

Therefore, we invite all our customers and friends to the convention, to our presentation and to our stand. See you later!

Serious data leaks and security incidents do not necessarily have to be the result of deliberate actions by intruders aimed at a specific target. They are not always noticed immediately by the victims of the attack. Often a serious breach of security occurs as a result of a combination of several events and its detection may be the result of the inquisitiveness of a random person. The following is a transcript of an interesting investigation, as a result of which we discovered a very serious threat to customer data of a large hosting company.

WARNING:
The description below includes links to websites that have been attacked or maintained by reputable organizations. Opening them may be dangerous.

Case study

On one of the websites maintained at AZ.pl (a hosting company belonging to Home.pl that supports the largest number of domains in Poland according to http://top100.wht.pl/) I noticed suspicious behavior: typing the website address in the browser caused redirection to the address http://semanticore.com.pl/admin/dropbox/proposal/which opened a page pretending to be Dropbox and asking you to log in - a classic phishing. The first thing that occurred to me was that I missed my domain renewal and someone took over. But no, domain is paid for. So I log in to the hosting panel and check the website files. Several of them have today's modification date, although I have not made any changes today. The website has therefore been modified in an unauthorized manner. Quick analysis of possible attack vectors: Continue ...

The health service must immediately implement professional IT security solutions.

According to the current legal status, from August 1, 2017 (i.e. for a little more than a year), medical documentation will have to be kept only in an electronic company.

Although the date of entry into force of the provisions on electronic medical data of the "Act of April 28, 2011 on the information system in health care" has been postponed many times, and this may also be the case this time, we must take into account that this moment will inevitably is coming and will eventually come.

Undoubtedly, the implementation of the provisions of the Act and the ordinances of successive Health Ministers regarding electronic medical documentation imposes a gigantic and very responsible implementation task on the entire healthcare system. I really hope that the whole project will be successful. The consequence of launching electronic medical information systems will be increased requirements for the security of information systems in hospitals, clinics and other health care facilities.

There are several important places in medical information systems that can be vulnerable and vulnerable to cyber threats:

• Databases of personal data,
• Patient health databases,
• Life support systems and patient condition monitoring,
• HIS (Health Information Systems) in the medical and administrative part,
• Medical equipment,
• Other systems that may affect the implementation of key processes.

In January 2016, a spokesman for the Hospital in Ottawa reported that 4 of the nearly 10,000 computers in the hospital were attacked with software ransomware. This type of malware, after clicking on an attachment in an email, a link in an email or on a website, blocks files on the infected computer. After paying the ransom, the attack victim receives a key that enables the reopening of encrypted files. In the case of this attack, the hospital did not pay the ransom, and IT services wiped the contents of the disks and restored the data using backups. The hospital said the patient's data was not at risk.

Continue ...

On Monday, April 4 Brocade Communications Systems announced its intention to acquire the company for $ 1.5 billion Ruckus Wireless. It seems that another strong player on the network solutions market is emerging before our eyes, able to compete with such powers as HPE and Cisco.

It is clear that the takeover of Aruba by HP, about what we wrote in March 2015, resulted in a change of the market leader in network technologies. This is indicated by the Gartner report published in September 2015, which we commented recently on our blog. In addition to the leading position, HPE draws attention strong weakening of Cisco's position and the grouping of many companies in the middle of the chart for the completeness of the solution vision. Brocade and Ruckus are also in the main group.

At this point, however, it should be noted that for some time Gartner has been treating the offer of solutions in the field of wired and wireless networks as a whole. This approach enables an objective evaluation of the comprehensive network offer and at the same time weakens the position of manufacturers with only LAN solutions or only WLAN solutions. In this context, the Brocade-Ruckus offer should be strongly shifted to the right in the near future. This is all the more likely as both companies have the flexibility and adaptability that are not appropriate for very large corporations such as HPE or Cisco.

About Brocade Communications
Brocade was founded in 1995 by Seth Neiman - former manager at Sun Microsystems and professional racing driver (!), Kumar Malavia - co-author of the Fiber Channel protocol specification, and Paul R. Bonderson, manager from Intel and Sun Microsystems.

Currently, Brocade Communications Systems in IT environments is associated primarily with high-quality, efficient solutions for SAN networks. As a leader in the implementation of the Fiber Channel protocol, the company sells its products both through its own network of partners, as well as under OEM agreements with major suppliers of IT solutions such as HPE, Dell, EMC, NetApp, Fujitsu, Hitachi, Huawei, IBM, Lenovo or Oracle .
Beginning in 2008, after purchasing Foundry Networks, Brocade also offers a wide range of LAN and WAN devices. Such products include ultra-fast switches for data centers, enterprise-class switches and routers, load balancers. It should be mentioned that Brocade actively supports network virtualization solutions as well SDN (Software Defined Networking) by offering own products and participating in Open Networking Foundation and contribution to the work on the protocol OpenFlow.

We also invite you to read the article on our website dedicated to the product family Brocade FCS Fabric dedicated to data centers.

About Ruckus Wireless

Ruckus is an innovative company founded in 2004 by William Kish and Victor Shtrom. Since its inception, it has focused on providing indoor and outdoor wireless products from the "Smart WiFi" family for Internet providers and enterprises.

As the owner of many patents in the field of wireless voice, image and data transmission, Ruckus has made a significant contribution to the development of WLAN technology. Thanks to the use of adaptive matrix antennas, it was possible to increase the range and speed of data transmission, reduce interference effects and thus enable the transmission of delay-sensitive data and multimedia services using the standard 802.11 protocol.
It was Ruckus who invented and designed the technology of matrix antennas BeamFlexand then sold licenses to other producers to use beam forming technology. Beam forming technologies are now available on access points from many vendors such as Aruba, Cisco, Meru, and others.

In 2015, Ruckus was the first manufacturer to implement the 802.11ac Wave 2 standard in its access point long before others - it was the Ruckus ZoneFlex R710. According to data from Ruckus Wireless, this device provides transmission speed of 800Mbps at 2.4GHz and 1733Mbps at 5GHz.

Oh, it will be happening !!!

In recent years, we were associated mainly with Cisco Systems solutions. After introducing Aruba Networks solutions to HPE offer, Cisco is no longer a lonely leader on the market of enterprise-class networking solutions. In the Gartner report from September 2015, HPE significantly exceeds Cisco in terms of Completness of vision. On Concerns About HP's Purchase of Aruba Networks I wrote in March 2015, however, despite the threats, HPE was able to efficiently complete the merger of the two companies.

If we can offer our clients good solutions at a much better price, why not do it ?!

Source: Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, September 1, 2015

At present, the HPE Aruba Networking offer includes:

• Switches - modular devices and devices with a fixed number of ports addressed to data centers, campus networks, company branches and the small and medium-sized enterprise sector,
• Routers - modular devices with a fixed number of ports as well as virtual and wireless devices for use in branches.
• Access Points and Controllers - The offering covers the full line of Aruba devices.

Continue ...

Evolution of threats

Malware threats have changed radically over the last several years. Viruses, which at the end of the 20th century took the form of pranks displaying funny messages and sound or visual effects, have become a tool in the hands of organized crime groups. Behind today's malware is a thriving black market, where you can choose from offers to sell 0-days, exploits, exploitpacks, backdoors and even ready-made botnets consisting of thousands of hijacked computers. All of this makes it easier for organized crime groups to run large-scale phishing campaigns or infection with TeslaCrypt, CryptoLocker or CryptoWall ransomers.

Approach to protection

Unfortunately, the evolution that has taken place in the field of threats has not yet been accompanied by a change in our mentality in our approach to protection. If you asked a statistical administrator how his approach to securing IT infrastructure has changed in recent years, he would most likely reply that he replaced the floppy MKS with a network, centrally managed antivirus and a simple firewall with a "next generation" device. More aware administrators would boast about taking local administrator rights from their users and using GPO policies enforcing a secure password policy. Continue ...

IPv6 - Opportunity, Necessity or Threat?

A few years ago, counters presenting the diminishing pool of available IPv4 addresses were very popular on the Internet. The closer to zero the value on the numerator approached, the more it aroused interest in the new version of the protocol - IPv6. Producers of network devices, operating systems and Internet providers quickly intensified their activities aimed at preparing them to work in the new reality. Their homework was to a greater or lesser extent done by them. The IPv4 counters have reached zero and… nothing has changed practically. In both home and business applications, hardly anyone thought about IPv6. While IANA distributed the last available pools of IPv4 addresses to regional registries (RIR), it was not a major problem for end users. The regional registers had some reserves of address space for the following years. With time, however, these also began to melt and reach zero. The situation repeated itself, but this time the role of the buffer with the backup address space was taken over by local registers (LIR), which are mainly large Internet providers. This resulted in a tightening of IPv4 address allocation policies at the level of regional registries. For example, the European RIPE has stopped registering new ASs (Autonomous Systems) for clients applying for PI (provider independet) in version 4 addresses. offer their own addresses from the pool assigned to them as LIRs. This state of affairs has continued since 2012. Although this is really the last stage before the actual exhaustion of IPv4 addresses, few people are interested in the implementation and, above all, the proper protection of the infrastructure working on IPv6. Continue ...