Information security in offices

In the period from September to November, UpGreat takes part in three IT conventions (Wielkopolskie, Mazowieckie and Śląskie) - cyclical events organized for employees of offices and public institutions. During these meetings, issues related to the adaptation of local government institutions to the requirements of legal regulations concerning, inter alia, computerization, personal data protection or the National Interoperability Framework. The meetings are also attended by UpGreat experts in the field of ICT security, personal data protection, audits and security policies. Our consultants advise IT specialists from public institutions on how to adapt their systems to the requirements of the KRI regulation related to, inter alia, with the implementation of the Information Security Management System. We discuss issues related to the implementation of information security policies as well as risk estimation and analysis. We also answer questions regarding the amended Personal Data Protection Act and the obligations of the Information Security Administrator.
We pay special attention to security audits and penetration tests, which are an indispensable element of security management in any organization.

 

Cell-free zone - CD-100 Cellular Activity Detection Adapter

The AirTight Networks offer includes an interesting solution for monitoring the area of an office, warehouse, conference room in terms of the use of mobile phones. In some situations, it is necessary to discover phones and cellular connections. The applications proposed by AirTight are:

  • army and police,
  • prison system,
  • institutions in which it is forbidden to use mobile phones, e.g. near devices and buildings classified as classified,
  • detection of eavesdropping devices, network listening devices and printing systems in order to intercept confidential information and further data transmission via a GSM modem.

Continue ...

Cyber criminal is knocking on your door?

Televisions, portals and experts warn all of us against various types of cyber threats. The topic is media attractive and often discussed. However, in the sheer volume of information, these warnings are relegated to the background as relating to other people and not ourselves. We assume that, because we are careful, no one will steal our access data and empty our bank account. Anyway, in order to make their offer more attractive, banks offer various types of insurance that provide reimbursement of lost money in the event of unauthorized withdrawals from the account.

However, there are threats not only to individuals but also to larger communities. In recent months, we have dealt with our clients several times with attacks consisting in encrypting data belonging to the enterprise. The criminal undertook to decrypt the data after paying the ransom. In this case, the threat concerned the entire company / organization.

Continue ...

Qcentral - problematic launch?

In my earlier post, I discussed QSAN matrices. Each of them has its own built-in management panel, but the question arises whether it is possible to manage several matrices from one place. The answer is - YES. All you need is QCentral software. I will not elaborate on the possibilities of this software now, I would like to share only the experience I gained while running this application.

This software is written in java. The file has a .jar extension. Hence, problems with starting Qcentral may arise. If the program cannot be started, check if the Java virtual machine - JRE (Java runtime enviroment) is installed in the system. If we still can't run Qcentral please add environment variables. Below is an example for Java 7 on a 64-bit system. Find the location of the java.exe file on your own system.

Continue ...

Chasing EPS. Is it profitable to be innovative?

 

 

ChRL-HP-Aruba

On Monday, March 2, I received it information on the acquisition of Aruba Networks by HP. The transaction, valued at $ 2.7 billion, is designed to strengthen HP's position in the wireless network solutions market. In this way, HP will become the No. 2 player after Cisco Systems, which is the undisputed leader in the global market. Currently, Cisco has a 52% share in WLAN sales, Aruba 13% and HP just over 4%.

The question is whether HP will be able to take advantage of the transaction opportunities since it failed to do so in previous WLAN acquisitions - Colubris in 2008 and 3Com in 2010. Another question is that Aruba is a supplier to HP competitors such as Dell. Brocade or Juniper. Will these companies continue to buy WLANs from Aruba while it is owned by HP? Nevertheless, we can say with certainty that a new strong competitor, HP-Aruba, has emerged behind Cisco's back, and with the estimated 40% WLAN market growth until 2019, Cisco's share of sales will decline in the coming years.

Continue ...

Social engineering, or about social sciences in the world of technology.

Technology is not everything.

When talking about security and security, we first think of advanced technologies and expensive devices: intruder detection systems, active prevention systems, data protection against leakage, secure authentication, authorization and sharing of resources. In order to feel safe, we spend a lot of money and surround ourselves with barriers, scanners, probes, tokens, fingerprint readers or the iris of the eye. We install systems that scan and filter traffic for viruses, worms, Trojans, attack signatures or other anomalies. To process data from so many systems, we launch new ones, used to log events, correlate them, analyze and warn us about threats. It would seem, therefore, that by doing so much, with so much resources, we have the right to feel confident about the security of our systems and the data processed with them. The reality is unfortunately very brutal. While doing so much, we forgot about the essential thing - the level of safety, just like the strength of a chain, is not determined by the sum of all its links, but by the strength of the weakest of them. The question "what is this link?" will not lead us to an answer. For we should ask not "what" but "who" is.
Continue ...

QSAN - high quality at a reasonable price.

In connection with granting Upgreat the status Authorized QSAN Sub-distributor in Poland, we decided to share our impressions about the products offered by this manufacturer.

But let me start with maybe general information about mass storage.

They are present in almost every large enterprise, institution or used for private purposes. Most of the Internet resources are stored on mass memory. Hence, it is important that these devices are reliable and efficient. Our experience with such devices is based mainly on such vendors as HP, IBM, NetApp. Due to the award of the status of the Authorized QSAN Sub-distributor, we received two matrix models from this manufacturer. It is a Taiwanese manufacturer that started operating in 2004. Qsan Technology (this is the full name of the company) specializes in the production of a complete line of SAN, iSCSI, Fiber Channel SAN storage network products for global enterprises, medium and small businesses.

Continue ...

Are 15K drives more efficient than 10K?

In the course of discussions with the client about the configuration and size of the storage, I went down to a fairly low level of detail. To my surprise, it turned out that 15,000 rpm disks do not have to be faster than 10K disks !!!

HDD-Seagate

It is assumed that the performance of various types of disk drives should be estimated as follows:

Continue ...

HP Storage - meeting of MASE engineers

On December 10-11, at the Remes hotel in Opalenica, a meeting of HP MASE engineers devoted to new products for 2015 was held. UpGreat engineers also participated in the training. Among the premieres of the 3PAR and MSA matrices in the coming months, attention should be paid to e.g. introducing such functionalities as:

  • File Persona Software in 3PAR arrays, allowing for the implementation of, inter alia, NFS and SMB file sharing protocols
  • Virtual pools in MSA arrays, allowing the "stretching" of volumes on different raid groups
  • Second level Read Cache based on SSD disks in MSA arrays
  • New, prettier and more intuitive web GUI in MSA arrays
  • Automatic tiering in MSA matrices

 

Simple, fast and secure transmission of confidential content.

Sending confidential content by e-mail is a fairly common practice. Unfortunately, not always people exchanging information with each other are able to take advantage of such facilities as encrypted e-mail communication, encryption keys or certificates. If sending confidential data is incidental and is not systematically resolved by the IT department, users often resort to the simplest measures in the form of office suite files protected with a password or compressed with a password-protected program such as winzip or winrar. Such solutions, although they seem safe, are characterized by a high level of risk. For the sake of compatibility, the most popular document formats are saved using low-security algorithms. There is a whole range of tools available to help crack passwords for files in the .doc, .docx, .xls, .xlsx or .zip formats.

So how to deal with a situation when the data we want to send must be quickly and securely delivered to the recipient? Continue ...