The beginning of the year will probably be associated with the threat of coronavirus. This topic has dominated the media reports in recent weeks. It is also an excellent example of the fact that new threats may always appear in business, which have not been included in the risk analysis so far.

However, there is just as much going on in the world of cyber threats. On January 14, the end of support for the operating systems from the Windows 7 and Windows Server 2008 family, which was announced for a long time by Microsoft, took place. This means that for one of the most popular systems that are still used, unfortunately, also on company computers, security patches related to new discoveries will no longer be delivered. vulnerabilities.
The proof that this problem cannot be underestimated is the vulnerability found in the Remote Desktop Gateway service at the beginning of the year. Continue ...

The catalog of threats that IT system administrators have to take into account has changed significantly in recent years. Attack vectors, against which up to a point could be protected using traditional firewall and anti-virus protection of workstations, have undergone a significant transformation. Criminals quite quickly learned to bypass traditional security measures and developed techniques thanks to which the hijacking and surveillance of an IT system often takes place unnoticed. APT (Advanced Persistent Threat) threats have become very real. Known and high-profile attacks of this type are sometimes detected after months, and sometimes years, when criminals have already extracted all the data from the systems.

Defending against this type of threat using traditional tools is little that ineffective, it creates a false sense of security, which allows intruders to conduct their activities with complete freedom. The lack of appropriate alerts from security systems means that everyone seems to be safe and there is no need to look at it closely. Most serious security incidents happen not in security-deficient environments, but in security-defective environments. Often, as part of handling a security incident, new tools are launched that immediately detect a whole range of threats and generate a large number of alerts, while traditional antivirus systems and firewalls present in the network do not see anything.

Continue ...

Systems implemented to protect IT infrastructure, like any other, may be vulnerable to various types of threats. There are many known cases of threats related to, for example, anti-virus software. We can cite here, for example, the recent critical errors of the RCE class (remote code execution) in the Windows Defender service. In 2017 alone, 6 vulnerabilities were identified, estimated at 9.3 on the 10 point CVE scale.

The same is the case with devices such as firewall, UTM, NG firewall. We can quote some of the louder mishaps a hole in the Cisco ASA IPsec service (versions 7.2-9.5). A buffer overflow vulnerability rated at 10 on the CVE scale could lead to remote code execution.

The end of last year is, in turn, an equally critical flaw in Palo Alto Networks products. PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier turned out to be vulnerable to remote code execution as root without the need for authentication. Two were also identified in 2017 other critical vulnerabilities in PAN-OS systems.

Considering the above information, it is worth taking care of regular updates of your security systems. Below we present a tutorial on how to configure Palo Alto Networks PAN-OS updates.

The health service must immediately implement professional IT security solutions.

According to the current legal status, from August 1, 2017 (i.e. for a little more than a year), medical documentation will have to be kept only in an electronic company.

Although the date of entry into force of the provisions on electronic medical data of the "Act of April 28, 2011 on the information system in health care" has been postponed many times, and this may also be the case this time, we must take into account that this moment will inevitably is coming and will eventually come.

Undoubtedly, the implementation of the provisions of the Act and the ordinances of successive Health Ministers regarding electronic medical documentation imposes a gigantic and very responsible implementation task on the entire healthcare system. I really hope that the whole project will be successful. The consequence of launching electronic medical information systems will be increased requirements for the security of information systems in hospitals, clinics and other health care facilities.

There are several important places in medical information systems that can be vulnerable and vulnerable to cyber threats:

• Databases of personal data,
• Patient health databases,
• Life support systems and patient condition monitoring,
• HIS (Health Information Systems) in the medical and administrative part,
• Medical equipment,
• Other systems that may affect the implementation of key processes.

In January 2016, a spokesman for the Hospital in Ottawa reported that 4 of the nearly 10,000 computers in the hospital were attacked with software ransomware. This type of malware, after clicking on an attachment in an email, a link in an email or on a website, blocks files on the infected computer. After paying the ransom, the attack victim receives a key that enables the reopening of encrypted files. In the case of this attack, the hospital did not pay the ransom, and IT services wiped the contents of the disks and restored the data using backups. The hospital said the patient's data was not at risk.

Continue ...

On Monday, April 4 Brocade Communications Systems announced its intention to acquire the company for $ 1.5 billion Ruckus Wireless. It seems that another strong player on the network solutions market is emerging before our eyes, able to compete with such powers as HPE and Cisco.

It is clear that the takeover of Aruba by HP, about what we wrote in March 2015, resulted in a change of the market leader in network technologies. This is indicated by the Gartner report published in September 2015, which we commented recently on our blog. In addition to the leading position, HPE draws attention strong weakening of Cisco's position and the grouping of many companies in the middle of the chart for the completeness of the solution vision. Brocade and Ruckus are also in the main group.

At this point, however, it should be noted that for some time Gartner has been treating the offer of solutions in the field of wired and wireless networks as a whole. This approach enables an objective evaluation of the comprehensive network offer and at the same time weakens the position of manufacturers with only LAN solutions or only WLAN solutions. In this context, the Brocade-Ruckus offer should be strongly shifted to the right in the near future. This is all the more likely as both companies have the flexibility and adaptability that are not appropriate for very large corporations such as HPE or Cisco.

About Brocade Communications
Brocade was founded in 1995 by Seth Neiman - former manager at Sun Microsystems and professional racing driver (!), Kumar Malavia - co-author of the Fiber Channel protocol specification, and Paul R. Bonderson, manager from Intel and Sun Microsystems.

Currently, Brocade Communications Systems in IT environments is associated primarily with high-quality, efficient solutions for SAN networks. As a leader in the implementation of the Fiber Channel protocol, the company sells its products both through its own network of partners, as well as under OEM agreements with major suppliers of IT solutions such as HPE, Dell, EMC, NetApp, Fujitsu, Hitachi, Huawei, IBM, Lenovo or Oracle .
Beginning in 2008, after purchasing Foundry Networks, Brocade also offers a wide range of LAN and WAN devices. Such products include ultra-fast switches for data centers, enterprise-class switches and routers, load balancers. It should be mentioned that Brocade actively supports network virtualization solutions as well SDN (Software Defined Networking) by offering own products and participating in Open Networking Foundation and contribution to the work on the protocol OpenFlow.

We also invite you to read the article on our website dedicated to the product family Brocade FCS Fabric dedicated to data centers.

About Ruckus Wireless

Ruckus is an innovative company founded in 2004 by William Kish and Victor Shtrom. Since its inception, it has focused on providing indoor and outdoor wireless products from the "Smart WiFi" family for Internet providers and enterprises.

As the owner of many patents in the field of wireless voice, image and data transmission, Ruckus has made a significant contribution to the development of WLAN technology. Thanks to the use of adaptive matrix antennas, it was possible to increase the range and speed of data transmission, reduce interference effects and thus enable the transmission of delay-sensitive data and multimedia services using the standard 802.11 protocol.
It was Ruckus who invented and designed the technology of matrix antennas BeamFlexand then sold licenses to other producers to use beam forming technology. Beam forming technologies are now available on access points from many vendors such as Aruba, Cisco, Meru, and others.

In 2015, Ruckus was the first manufacturer to implement the 802.11ac Wave 2 standard in its access point long before others - it was the Ruckus ZoneFlex R710. According to data from Ruckus Wireless, this device provides transmission speed of 800Mbps at 2.4GHz and 1733Mbps at 5GHz.

Oh, it will be happening !!!

In recent years, we were associated mainly with Cisco Systems solutions. After introducing Aruba Networks solutions to HPE offer, Cisco is no longer a lonely leader on the market of enterprise-class networking solutions. In the Gartner report from September 2015, HPE significantly exceeds Cisco in terms of Completness of vision. On Concerns About HP's Purchase of Aruba Networks I wrote in March 2015, however, despite the threats, HPE was able to efficiently complete the merger of the two companies.

If we can offer our clients good solutions at a much better price, why not do it ?!

Source: Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, September 1, 2015

At present, the HPE Aruba Networking offer includes:

• Switches - modular devices and devices with a fixed number of ports addressed to data centers, campus networks, company branches and the small and medium-sized enterprise sector,
• Routers - modular devices with a fixed number of ports as well as virtual and wireless devices for use in branches.
• Access Points and Controllers - The offering covers the full line of Aruba devices.

Continue ...

Evolution of threats

Malware threats have changed radically over the last several years. Viruses, which at the end of the 20th century took the form of pranks displaying funny messages and sound or visual effects, have become a tool in the hands of organized crime groups. Behind today's malware is a thriving black market, where you can choose from offers to sell 0-days, exploits, exploitpacks, backdoors and even ready-made botnets consisting of thousands of hijacked computers. All of this makes it easier for organized crime groups to run large-scale phishing campaigns or infection with TeslaCrypt, CryptoLocker or CryptoWall ransomers.

Approach to protection

Unfortunately, the evolution that has taken place in the field of threats has not yet been accompanied by a change in our mentality in our approach to protection. If you asked a statistical administrator how his approach to securing IT infrastructure has changed in recent years, he would most likely reply that he replaced the floppy MKS with a network, centrally managed antivirus and a simple firewall with a "next generation" device. More aware administrators would boast about taking local administrator rights from their users and using GPO policies enforcing a secure password policy. Continue ...

IPv6 - Opportunity, Necessity or Threat?

A few years ago, counters presenting the diminishing pool of available IPv4 addresses were very popular on the Internet. The closer to zero the value on the numerator approached, the more it aroused interest in the new version of the protocol - IPv6. Producers of network devices, operating systems and Internet providers quickly intensified their activities aimed at preparing them to work in the new reality. Their homework was to a greater or lesser extent done by them. The IPv4 counters have reached zero and… nothing has changed practically. In both home and business applications, hardly anyone thought about IPv6. While IANA distributed the last available pools of IPv4 addresses to regional registries (RIR), it was not a major problem for end users. The regional registers had some reserves of address space for the following years. With time, however, these also began to melt and reach zero. The situation repeated itself, but this time the role of the buffer with the backup address space was taken over by local registers (LIR), which are mainly large Internet providers. This resulted in a tightening of IPv4 address allocation policies at the level of regional registries. For example, the European RIPE has stopped registering new ASs (Autonomous Systems) for clients applying for PI (provider independet) in version 4 addresses. offer their own addresses from the pool assigned to them as LIRs. This state of affairs has continued since 2012. Although this is really the last stage before the actual exhaustion of IPv4 addresses, few people are interested in the implementation and, above all, the proper protection of the infrastructure working on IPv6. Continue ...