New year, new threats - review of fresh vulnerabilities

The beginning of the year will probably be remembered for the threat of coronavirus. This topic has dominated media reports in recent weeks. It is also a good illustration of the fact that new threats, ones no risk analysis has yet accounted for, can appear in business at any time.

There is just as much going on in the world of cyber threats, however. On January 14, the long-announced end of support for the Windows 7 and Windows Server 2008 family of operating systems took effect. For one of the most popular systems still in use, unfortunately also on company computers, this means that security patches for newly discovered vulnerabilities will no longer be delivered (outside Microsoft's paid Extended Security Updates programme).
Proof that this problem should not be underestimated is the vulnerability found in the Remote Desktop Gateway service at the beginning of the year. Continue ...

Palo Alto Networks - a weapon in the fight against new threats

The catalog of threats that IT system administrators have to take into account has changed significantly in recent years. Attack vectors that could, up to a point, be blocked with a traditional firewall and workstation antivirus have been transformed. Criminals quickly learned to bypass traditional security measures and developed techniques that let them take over and surveil an IT system unnoticed. APT (Advanced Persistent Threat) attacks have become very real. Known, high-profile attacks of this type are sometimes detected only after months, or even years, when the criminals have already extracted all the data from the systems.

Defending against this type of threat with traditional tools is not merely ineffective; it creates a false sense of security that lets intruders operate with complete freedom. The lack of alerts from the security systems means that everyone feels safe and nobody looks more closely. Most serious security incidents happen not in security-deficient environments but in security-defective ones. Often, as part of handling an incident, new tools are deployed that immediately detect a whole range of threats and generate a large number of alerts, while the traditional antivirus systems and firewalls already on the network see nothing.

Continue ...

Are we threatened by cyber attacks?

Cybersecurity, hackers, threats and vulnerabilities have been discussed more and more recently. The entry into force of the GDPR caused the first wave of increased interest in risk analysis, vulnerability identification and risk minimization. Almost a year has passed since then, and security still seems to be one of the most popular topics in the IT industry. At the end of last year another wave of interest was raised by the so-called "Cyber Act", i.e. the Act on the National Cybersecurity System. Although it does not stir up the same emotions as the GDPR, because it covers only providers of services that are critical from the state's point of view, it is one of the hottest topics in the energy, transport and healthcare sectors. It is also worth recalling that the public finance sector has been covered since 2015 by the regulation on the National Interoperability Framework, a fairly large part of which is also devoted to security.

All of the above regulations require the implementation of an information security management system whose task is to identify vulnerabilities and threats, analyze the associated risks, and implement action plans that reduce those risks to an acceptable level.

Is the threat of attacks by cyber criminals or cyber terrorists really that serious? Unfortunately, everything indicates that it is. Some time ago NATO already recognized cyberspace as one of the operational domains it must defend Continue ...

When the admin is no longer there, what about your business continuity?

Maintaining business continuity, i.e. the ability to run the main revenue-generating processes of the company without disruption, is a task often delegated to the IT department. Because information technology is so deeply involved in business processes, the IT department seems to be the unit best prepared to handle unforeseen situations such as hardware failure, user error or deliberate action by intruders. Is this assumption correct? Unfortunately, not entirely.

Indeed, technology is one of the factors with the greatest impact on the performance of any organization and, at the same time, one that fails relatively often. So when we think about business continuity, the first things verified are the solutions that keep operations running in the event of a failure. These are most often limited to redundancy, i.e. duplicated components that allow uninterrupted operation when one part of the system is damaged. Another category of safeguard is the backup system, which is meant to protect the environment against data loss caused by failure, user error or deliberate action to our detriment. Both backup systems and high availability (HA) solutions are things without which the IT department could not fulfill its business function; without them, the very first failure would have serious consequences for those responsible for maintaining the ICT environment. Continue ...

Security incident in the protection of personal data

Personal data breach incident - how to handle it?

It is now the fifth month since the new personal data protection regulations came into force. The media storm around the GDPR is probably behind us. Slowly, everyone has adapted to the new rules, completed the documentation, implemented the appropriate procedures and is applying them with more or less commitment. One of the most frequent dilemmas in personal data protection, however, remains the handling of security breach incidents.

Where did the idea for incident handling come from?

Both the old Act on the Protection of Personal Data and the new provisions of the GDPR mention the need to keep a register of incidents and to implement a process for handling them properly. Where do such requirements come from? They are most likely derived from the ISO standards (the ISO/IEC 27001 family in particular), where such a register serves a control function: it allows the effectiveness of the information security management system to be monitored and evaluated. The number and frequency of security incidents shows whether our data protection system works. It also lets you verify whether the security measures you introduced are effective, i.e. whether they cause the number of incidents to fall. Continue ...

Requirements for IT systems processing personal data

We have just over two weeks until the new personal data protection regulations apply. Adopted by the European Parliament in April 2016, Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), applies from May 25, 2018.
Lawyers are actively helping their clients adjust the formal requirements to the new regulations. However, preparing templates of information clauses, consent questions for the processing of personal data, and data processing or data sharing agreements is not everything. Alongside the formal and legal work, the technical infrastructure must be adapted to the new reality. And here a question often arises that lawyers are unable to answer: "what requirements must the IT infrastructure meet to be considered compliant with the GDPR?" The problem stems from the fact that, unlike the "old" Act on Personal Data Protection, the new regulation does not specify concrete technical requirements. The entire Regulation contains only general conditions relating to the security of the infrastructure. So how do you comply with them? We will try to help you find the answer.

So what are these general requirements? The most relevant provision is Article 32 of the GDPR, which requires the controller (and the processor) to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Among other things, it draws attention to measures such as:

  • Pseudonymisation and encryption of personal data
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • The ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring the security of processing

Continue ...

Palo Alto update - how and why it is worth doing

Systems deployed to protect IT infrastructure, like any others, can themselves be vulnerable to various types of threats. There are many known cases involving, for example, antivirus software. One example is the recent critical RCE (remote code execution) flaws in the Windows Defender engine: in 2017 alone, six vulnerabilities were identified, rated 9.3 on the 10-point CVSS scale.

The same is true of devices such as firewalls, UTMs and next-generation firewalls. Among the louder mishaps we can cite the hole in the IKE implementation of the Cisco ASA IPsec VPN service (versions 7.2 to 9.5): a buffer overflow rated 10 on the CVSS scale that could lead to remote code execution.

The end of last year brought an equally critical flaw in Palo Alto Networks products. PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier turned out to be vulnerable to remote code execution as root without authentication. Two other critical vulnerabilities in PAN-OS were also identified in 2017.

Given the above, it is worth taking care of regular updates of your security systems. Below we present a tutorial on how to configure Palo Alto Networks PAN-OS updates.
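Before scheduling updates, it helps to know which firewalls are still running an affected release. As an added example (not code from the original post or from Palo Alto Networks), the inventory check below parses the XML that PAN-OS returns for the operational command `show system info` and classifies each device against the version list quoted above. It assumes that the first fixed release in each train is the next patch number after the last affected one (6.1.19, 7.0.19, 7.1.14, 8.0.6), that a hotfix build of an affected patch level is still affected, and that trains not named in the summary need manual review; the API responses and hostnames are constructed for the example.

```python
"""Flag PAN-OS firewalls still on a release covered by the advisory summary.

Added example, not code from the page or from Palo Alto Networks.
Parses `show system info` replies (PAN-OS XML API, type=op) and compares
`sw-version` against the highest affected release in each train.
"""
import re
import xml.etree.ElementTree as ET

# Highest affected release per train, taken from "6.1.18, 7.0.18, 7.1.13,
# 8.0.5 and earlier". Assumption: the next patch release in each train is fixed.
LAST_AFFECTED = {
    (6, 1): (6, 1, 18),
    (7, 0): (7, 0, 18),
    (7, 1): (7, 1, 13),
    (8, 0): (8, 0, 5),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """'8.0.5-h3' -> (8, 0, 5, 3); a missing hotfix suffix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def classify(version):
    """'affected', 'fixed', or 'review' for a train the summary does not cover."""
    major, minor, patch, _hotfix = parse_version(version)
    train = (major, minor)
    if train not in LAST_AFFECTED:
        return "review"
    # Assumption: hotfix builds of an affected patch level are still affected,
    # so only (major, minor, patch) is compared.
    return "affected" if (major, minor, patch) <= LAST_AFFECTED[train] else "fixed"


def triage_system_info(xml_text):
    """Return (hostname, sw-version, status) from one `show system info` reply."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: " + ET.tostring(root, encoding="unicode"))
    system = root.find("./result/system")
    hostname = system.findtext("hostname")
    sw_version = system.findtext("sw-version")
    return hostname, sw_version, classify(sw_version)


def _reply(hostname, sw_version):
    # Constructed sample reply in the shape PAN-OS returns for the command
    # <show><system><info/></system></show>; real replies carry many more fields.
    return (
        '<response status="success"><result><system>'
        f"<hostname>{hostname}</hostname><sw-version>{sw_version}</sw-version>"
        "<model>PA-220</model></system></result></response>"
    )


# Constructed inventory: hostnames and versions invented for the example.
SAMPLE_RESPONSES = [
    _reply("fw-edge-01", "8.0.5"),
    _reply("fw-dc-02", "7.1.14"),
    _reply("fw-branch-03", "6.1.18-h2"),
    _reply("fw-lab-04", "8.1.0"),
]


def triage_inventory(responses):
    """Classify every reply; returns a list of (hostname, sw-version, status)."""
    return [triage_system_info(xml_text) for xml_text in responses]


if __name__ == "__main__":
    for hostname, sw_version, status in triage_inventory(SAMPLE_RESPONSES):
        print(f"{hostname:14} {sw_version:12} {status}")
```

To feed it real data, fetch each device's reply with the XML API, for example `curl -k "https://FW/api/?type=op&cmd=<show><system><info/></system></show>&key=APIKEY"` (URL-encode the `cmd` parameter), and pass the response bodies to `triage_inventory`. The version comparison is deliberately per-train: 7.1.14 is fixed while 8.0.5 is not, so a plain numeric "newer is better" check would get it wrong.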


From an infected website to a serious security incident - a case study

Serious data leaks and security incidents are not necessarily the result of deliberate action by intruders aimed at a specific target, and they are not always noticed immediately by the victims. Often a serious breach results from a combination of several events, and its detection can come down to the curiosity of a random person. Below is an account of an interesting investigation in which we discovered a very serious threat to the customer data of a large hosting company.

WARNING:
The description below includes links to websites that have been attacked or that are run by questionable organizations. Opening them may be dangerous.

Case study

On one of the websites hosted at AZ.pl (a hosting company belonging to Home.pl which, according to http://top100.wht.pl/, serves the largest number of domains in Poland) I noticed suspicious behaviour: typing the site's address into the browser caused a redirect to http://semanticore.com.pl/admin/dropbox/proposal/, which opened a page pretending to be Dropbox and asking you to log in - classic phishing. The first thing that occurred to me was that I had missed my domain renewal and someone had taken it over. But no, the domain is paid for. So I log in to the hosting panel and check the website files. Several of them have today's modification date, although I have not made any changes today. The website has therefore been modified without authorization. Quick analysis of possible attack vectors: Continue ...
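The first triage step in the account above, looking for files touched today and for what was put into them, can be scripted. As an added example (not code from the original post, from AZ.pl or from Home.pl), the script below walks a web root, lists files modified within the last `hours`, and flags those containing a redirect construct (PHP `header('Location: ...')`, JavaScript `location = ...`, a `<meta http-equiv="refresh">` tag, or an `.htaccess` `Redirect`/`RewriteRule`) whose target host is not the site's own. The sample web root, the site's host name `www.example.test` and the phishing host `example-phish.invalid` are constructed for the example and stand in for the real addresses in the post.

```python
"""Find recently modified web files that redirect visitors to another host.

Added example, not code from the original post or the hosting provider.
The sample web root is built in a temporary directory with constructed content.
"""
import os
import re
import shutil
import tempfile
import time
from urllib.parse import urlparse

# Redirect constructs commonly injected into compromised sites; group 1 is the target URL.
REDIRECT_PATTERNS = [
    re.compile(r"""header\s*\(\s*['"]Location:\s*(https?://[^'"\s]+)""", re.I),          # PHP
    re.compile(r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*['"](https?://[^'"]+)""", re.I),  # JS
    re.compile(r"""<meta[^>]+http-equiv=['"]?refresh['"]?[^>]*url=(https?://[^'">\s]+)""", re.I),  # HTML
    re.compile(r"""^\s*Redirect(?:Match)?\s+(?:\d{3}\s+|permanent\s+|temp\s+)?\S+\s+(https?://\S+)""", re.I | re.M),  # .htaccess
    re.compile(r"""RewriteRule\s+\S+\s+(https?://\S+)""", re.I),                          # .htaccess
]


def recently_modified(root, hours, now=None):
    """Paths under `root` whose mtime falls within the last `hours` hours."""
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.getmtime(path) >= cutoff:
                hits.append(path)
    return sorted(hits)


def injected_redirects(path, own_host):
    """Redirect targets in `path` that point at a host other than `own_host`."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    targets = []
    for pattern in REDIRECT_PATTERNS:
        for match in pattern.finditer(text):
            host = urlparse(match.group(1)).hostname or ""
            if host != own_host and not host.endswith("." + own_host):
                targets.append(match.group(1))
    return targets


def triage(root, own_host, hours=24, now=None):
    """Map relative path -> external redirect targets for recently modified files."""
    findings = {}
    for path in recently_modified(root, hours, now):
        targets = injected_redirects(path, own_host)
        if targets:
            findings[os.path.relpath(path, root)] = targets
    return findings


def build_sample_webroot():
    """Constructed sample site: two files tampered with today, the rest benign."""
    root = tempfile.mkdtemp(prefix="webroot-")
    week_ago = time.time() - 7 * 86400
    files = {
        "index.php": ("<?php include 'header.php'; ?>", week_ago),
        "header.php": ("<?php header('Location: https://example-phish.invalid/admin/dropbox/'); exit; ?>", None),
        ".htaccess": ("RewriteEngine On\nRewriteRule ^(.*)$ https://example-phish.invalid/ [R=302,L]\n", None),
        "contact.html": ('<a href="https://www.example.test/contact">Contact</a>', None),
        "js/app.js": ("window.location = 'https://www.example.test/login';", None),
    }
    for rel, (content, mtime) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        if mtime is not None:  # backdate untouched files
            os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    webroot = build_sample_webroot()
    try:
        for rel, targets in triage(webroot, "www.example.test").items():
            print(f"{rel}: {', '.join(targets)}")
    finally:
        shutil.rmtree(webroot)
```

Run against a real site (`triage("/home/user/public_html", "www.yoursite.example")`), the script reports `header.php` and `.htaccess` for the sample above while ignoring the week-old `index.php` and the same-host redirect in `js/app.js`. Modification time is only a first filter: an attacker who resets mtime with `touch` slips past it, so after the quick pass the whole tree should still be diffed against a known-good copy.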

Can patients feel safe? IT systems in the healthcare sector as a target for cyber criminals

The health service must implement professional IT security solutions without delay.

Under the current legal status, from August 1, 2017 (i.e. in a little more than a year) medical records will have to be kept exclusively in electronic form.

Although the entry into force of the provisions on electronic medical data in the "Act of April 28, 2011 on the information system in health care" has been postponed many times, and may be postponed again, we must accept that this moment is inevitable and will eventually come.

Undoubtedly, implementing the provisions of the Act and the ordinances of successive Health Ministers on electronic medical records imposes a gigantic and highly responsible task on the entire healthcare system. I sincerely hope the whole project succeeds. A consequence of launching electronic medical information systems will be higher requirements for the security of information systems in hospitals, clinics and other healthcare facilities.

There are several important places in medical information systems that are sensitive and exposed to cyber threats:

  • Databases of personal data,
  • Patient health databases,
  • Life support systems and patient condition monitoring,
  • HIS (Health Information Systems) in the medical and administrative part,
  • Medical equipment,
  • Other systems that may affect the implementation of key processes.


In January 2016 a spokesman for The Ottawa Hospital reported that 4 of the hospital's nearly 10,000 computers had been hit by ransomware. This type of malware, once a user clicks an attachment or link in an email or on a website, encrypts the files on the infected computer; after the ransom is paid, the victim receives a key that allows the encrypted files to be opened again. In this case the hospital did not pay the ransom: IT staff wiped the disks and restored the data from backups. The hospital said that patient data was not at risk.

Continue ...

It's getting interesting: Brocade Communications - another strong player on the network solutions market?

On Monday, April 4, Brocade Communications Systems announced its intention to acquire Ruckus Wireless for $1.5 billion. It seems that another strong player on the network solutions market is emerging before our eyes, one able to compete with powers such as HPE and Cisco.

It is clear that HP's takeover of Aruba, which we wrote about in March 2015, resulted in a change of market leader in network technologies. This is shown by the Gartner report published in September 2015, which we recently commented on in our blog. Besides HPE's leading position, the report draws attention to the marked weakening of Cisco's position and to the grouping of many companies in the middle of the chart for completeness of vision. Brocade and Ruckus are also in that main group.

[Figure: Gartner networking report, September 2015]

It should be noted here, however, that for some time Gartner has treated wired and wireless network solutions as a single offering. This approach allows an objective evaluation of a comprehensive network portfolio and at the same time weakens the position of manufacturers with only LAN or only WLAN solutions. In this context, the combined Brocade-Ruckus offering should move strongly to the right in the near future. This is all the more likely because both companies have a flexibility and adaptability that very large corporations such as HPE or Cisco lack.

About Brocade Communications
Brocade was founded in 1995 by Seth Neiman, a former manager at Sun Microsystems and a professional racing driver (!), Kumar Malavalli, co-author of the Fibre Channel protocol specification, and Paul R. Bonderson, a manager from Intel and Sun Microsystems.

Today Brocade Communications Systems is associated in IT environments primarily with high-quality, efficient solutions for SAN networks. As a leader in implementations of the Fibre Channel protocol, the company sells its products both through its own partner network and under OEM agreements with major IT suppliers such as HPE, Dell, EMC, NetApp, Fujitsu, Hitachi, Huawei, IBM, Lenovo and Oracle.
Since 2008, after purchasing Foundry Networks, Brocade has also offered a wide range of LAN and WAN devices, including ultra-fast data center switches, enterprise-class switches and routers, and load balancers. It should be mentioned that Brocade actively supports network virtualization and SDN (Software Defined Networking) by offering its own products, participating in the Open Networking Foundation and contributing to work on the OpenFlow protocol.

We also invite you to read the article on our website dedicated to the Brocade VCS Fabric product family for data centers.

About Ruckus Wireless

Ruckus is an innovative company founded in 2004 by William Kish and Victor Shtrom. Since its inception it has focused on indoor and outdoor wireless products from the "Smart WiFi" family for Internet service providers and enterprises.

As the owner of many patents in wireless voice, video and data transmission, Ruckus has made a significant contribution to the development of WLAN technology. Its adaptive antenna arrays increased range and data rates, reduced the effects of interference and thus made it possible to carry delay-sensitive data and multimedia services over the standard 802.11 protocol.
It was Ruckus that invented and designed the BeamFlex adaptive antenna array technology and then licensed its beamforming technology to other manufacturers. Beamforming is now available on access points from many vendors, including Aruba, Cisco, Meru and others.

In 2015 Ruckus was the first manufacturer to implement the 802.11ac Wave 2 standard in an access point, well ahead of the others: the Ruckus ZoneFlex R710. According to Ruckus Wireless, this device delivers 800 Mbps at 2.4 GHz and 1733 Mbps at 5 GHz.

Oh, things are going to get interesting!