First things first: IT security. Security First conference review

The challenges of working remotely, COVID-19-related phishing attacks, a business-oriented perspective on cybersecurity and live penetration testing. The up-to-date nature of the Security First conference program was truly impressive, even for a security geek like myself.

See the subjective review of the Computerworld and ISSA Polska online conference.

Remote work vs. IT security

A remote conference on cybersecurity simply would not be complete without a discussion about remote work. At Sidnet, we have been running projects outside the main office for years; after all, our team members work remotely from various cities of Poland. The coronavirus pandemic has made our remote working experience even more vital in the eyes of customers virtually overnight. Everything indicates that the tendency to replace office work with remote work will continue in the coming years.

The future of cloud services

Michał Kurek confirmed that the COVID-19 pandemic is bound to further popularize cloud technologies. According to KPMG research, 43% of Polish companies already utilize cloud solutions with another 17% planning to commence using cloud services shortly.

Security First online conference backstage. A lecture by Michał Kurek from KPMG.
Source: Security First.

A revolution in the work environment

According to Paweł Marciniak from Matrix42, the work environment is undergoing several changes, including:

  • A change in the way work is perceived: a shift from work seen as a place to work seen as an activity.
  • Changes in the needs of both employers and employees: a shift from fixed hours to flexible hours; from permanent employment contracts to freelancing and the gig economy; from hierarchies to dynamic organizational networks.
  • A change in the approach to the company IT management: a shift from central management to employee self-service thanks to the access to remote systems and the knowledge on how to use them to continue the company’s operations from anywhere in the world.

Cybersecurity vs. business development

The relationship between IT security and business was a vital topic. It is astonishing just how often the first step to resolve a company’s technical problems is improving communication. However, this works both ways: removing technical issues can ease tensions at the company, e.g. in situations where the security department is perceived as an obstacle.

Stages of maturity in IT security management

Paweł Wojciechowski from Fortinet outlined the security challenges based on the company’s scale:

  • The lowest level characterizes medium-sized companies with IT departments that deal with few incidents.
  • The second level is a domain of medium/large businesses with dedicated security teams.
  • The highest level of maturity is attained by the enterprise sector companies with dedicated Security Operations Centers (SOC), advanced processes and written rules of conduct.

Industrial network security (OT)

Learning more about cybersecurity challenges in the manufacturing industry, which uses both IT solutions and industrial networks (Operational Technology, OT), was certainly interesting.

Threats to the Industrial Control System (ICS)

Roland Kulanek’s presentation was meant to remind everyone that cybersecurity is a continuous process. In addition, a speaker representing Rockwell Automation also addressed some of the myths related to Industrial Control System (ICS) security. Any system, even if hidden behind a firewall or cut off from the Internet altogether, can become the target of an attack.

Roland Kulanek and Jarosław Kuźniar – chairing the Security First conference.
Source: Security First.

IDS and IPS systems: differences and applications

Wojciech Kubiak from PKP Energetyka explained when and why IDS and IPS solutions should be used. Wherever industrial (OT) and corporate (IT) networks coexist, using a hybrid system is necessary:

  • An Intrusion Prevention System (IPS) is a solution that actively protects IT components, especially operating systems, databases and web applications.
  • An Intrusion Detection System (IDS) is better suited to protecting OT components. It should passively monitor applications and control systems and search for any network anomalies.

IT security novelties

COVID-19 as phishing bait

The pandemic has generated anxiety, which increases the likelihood of making irrational choices, alongside the need to work and learn remotely, often with the use of private networks and equipment. Scammers have quickly begun exploiting this opportunity to launch coronavirus-themed attacks. Joanna Karczewska presented the scale of this phenomenon along with several alarming examples. What are the forecasts? It will only get worse unless we start employing proper security standards.

Live penetration testing

Michał Sajdak conducted a live reconnaissance of servers and network devices using penetration testing. I was particularly curious about this presentation, given that I follow Michał’s activity on the Sekurak.pl web portal and appreciate his factual, concise articles. The presentation itself was very similar in this regard.

A presentation by Michał Sajdak from Sekurak.pl during the Security First online conference.
Source: Security First.

Data recovery

Daniel Olkowski from Dell Technologies presented the idea of a digital bunker that allows users to recover data after an attack. What should you consider when making one?

  • Isolate the digital bunker from the rest of the infrastructure.
  • Retain deletion- and modification-resistant backups.
  • Automate such operations as data retrieval, verification and recovery.
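The verification step from the list above can be automated along these lines. This is an added example, not code from the talk or from any vendor product: the function names, the HMAC-chained manifest format, the demo key and the sample backup files are all constructed for illustration, and it assumes the manifest and its key are kept inside the isolated bunker.

```python
import hashlib, hmac, os, tempfile

GENESIS = "0" * 64  # constructed starting value for the manifest chain

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _link(key, prev, name, digest):
    # Each entry is authenticated together with the previous link, so editing
    # or reordering manifest entries without the key breaks the chain.
    return hmac.new(key, f"{prev}\0{name}\0{digest}".encode(), hashlib.sha256).hexdigest()

def build_manifest(backup_dir, key):
    """Record one chained, HMAC-protected digest per backup file."""
    entries, prev = [], GENESIS
    for name in sorted(os.listdir(backup_dir)):
        digest = sha256_file(os.path.join(backup_dir, name))
        prev = _link(key, prev, name, digest)
        entries.append({"name": name, "sha256": digest, "link": prev})
    return entries

def verify_backups(backup_dir, manifest, key):
    """Return (name, problem) findings; an empty list means every copy matches."""
    findings, prev = [], GENESIS
    for e in manifest:
        if not hmac.compare_digest(_link(key, prev, e["name"], e["sha256"]), e["link"]):
            findings.append((e["name"], "manifest entry tampered"))
            break  # nothing after a broken link can be trusted
        prev = e["link"]
        path = os.path.join(backup_dir, e["name"])
        if not os.path.isfile(path):
            findings.append((e["name"], "deleted"))
        elif sha256_file(path) != e["sha256"]:
            findings.append((e["name"], "modified"))
    known = {e["name"] for e in manifest}
    for name in sorted(set(os.listdir(backup_dir)) - known):
        findings.append((name, "unexpected file"))
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: the real key never leaves the bunker
    with tempfile.TemporaryDirectory() as vault:
        for name, data in [("db.dump", b"rows"), ("etc.tar", b"configs"), ("home.tar", b"files")]:
            with open(os.path.join(vault, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(vault, key)
        clean = verify_backups(vault, manifest, key)
        with open(os.path.join(vault, "db.dump"), "wb") as f:
            f.write(b"overwritten")  # constructed modification of a backup
        os.remove(os.path.join(vault, "home.tar"))  # constructed deletion
        return clean, verify_backups(vault, manifest, key)
```

Running such a check on a schedule, before any restore is attempted, tells the recovery team which copies can still be trusted.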

HP Sure security systems

I have been using Linux for years and typically do not stay up to date with the Windows software provided with most computers. Nonetheless, opening websites and attachments using virtual machines (HP Sure Click) is bound to protect many computers from malware. The HP Sure View Gen3 privacy filter built into a laptop screen was also a positive surprise. I will bear this option in mind when buying a new device.

#SidnetDonations Krzysiek for the Debian project and the JOKOT Foundation

If we were to put Krzysiek Skarbek’s name in a crossword puzzle, the hint could be something like this: “a fan of Debian and a cat lover.” His choices in the #SidnetDonations program reflect these traits quite well. This time is no different. Today our developer from Łódź, who maintains Blogi z pierwszego tłoczenia (the First-pressed blogs) and the website of mali bracia Ubogich (the little brothers of the Poor) association, as well as others, will be choosing the recipients of Sidnet donations for the 8th time.

What charity and open-source projects will we be supporting this month based on Krzysiek’s choices?

Debian

Debian is a 100% free operating system, which has been under development by a dedicated community since 1993. It has become the basis for hundreds of Linux distributions, including Ubuntu, Mint and Deepin.

Since it supports multiple architecture types, it can work on various devices, e.g. Raspberry Pi microcomputers, which even have a dedicated distribution available for them—Raspbian. Debian is also fast and uses little memory, so it can be used effectively on obsolete computers with weaker hardware.

As a server administrator, Krzysiek values Debian primarily for its reliability:

“Debian works well both on a server and a desktop—I use it daily on my PC and laptop. It is renowned for its stability, which is a crucial thing for any server,” Krzysiek said.

Any Toy Story fans will appreciate the fact that all releases are named after the film characters. There were already releases such as Buzz, Woody and Slink. The unstable version, which is akin to a testing ground, is named after Sid—the film’s antagonist who enjoyed testing the durability of his toys.

JOKOT Foundation

The JOKOT Foundation is a non-profit organization dedicated to helping homeless and free-living cats. Its volunteers provide temporary shelter for homeless cats in their own homes, where they treat and tame the animals to prepare them for adoption. They also take care of sterilizing free-living cats in Warsaw.

The foundation also helped Krzysiek make some new friends:

“In 2011, I adopted Boluś and Lala, two cats that had been discovered with their whole family in a bunker next to railway tracks in Warsaw. Boluś quickly found himself at home in the new place but unfortunately, he passed away a few years ago. Since then, Lala has been following me everywhere I go, even though she is still somewhat fearful. But she is slowly getting used to the new household members—Gucio and Leosia,” said Krzysiek.

When choosing new homes for animals, the foundation’s primary criterion is animal welfare. New owners are required to:

  • adopt cats in pairs (a single cat may be adopted if another one already lives in the house);
  • install safety nets on balconies and windows and secure any tilt windows;
  • remove plants that may be poisonous to cats;
  • consent to a pre-adoption visit of foundation volunteers.

#SidnetDonations: Kamil for Thunderbird and the “Kundelek” Animal Shelter

Is it Monday, Wednesday or maybe August already…? It is easy to lose track of time during the pandemic. Fortunately, the 15th of each month is always there to keep track of our current space-time position. After all, we have been donating to open-source and charity projects on this day for 7 years now!

This time we are supporting initiatives chosen by Kamil Głuszak, a developer from Rzeszów with a talent for integrating open-source solutions and closed business software (e.g. Microsoft products).

Thunderbird

Thunderbird is a leading free, open-source email program for Windows, macOS and Linux. Created by the Mozilla Foundation, Thunderbird is being developed by volunteers and financed entirely through donations.

“I always begin my day by checking my Thunderbird inbox. Even though I have been using it for several years, I have never had any issues with it. I want to support Thunderbird to keep it as trouble-free as it has always been,” Kamil explained.

Although we have already supported the Mozilla Foundation and the creators of the Firefox browser numerous times, this will be the first time that we will be directly helping to finance the development of Thunderbird.

“Kundelek” Animal Shelter

“Kundelek” is a shelter for homeless cats and dogs, run by the Rzeszów Animal Protection Association. The shelter was founded in 2005 and has since been helping lost and abandoned animals, as well as those taken away from irresponsible owners.

Currently, the shelter runs daily live broadcasts on Facebook. It also shares resources regarding the functioning of animal shelters during the COVID-19 pandemic, which are being translated into Polish by volunteers.

“The Rzeszów shelter does much more than supporting homeless animals and their new owners. It also provides the inmates of a nearby prison with a sense of purpose, as they help keep the shelter clean,” Kamil said.

#SidnetDonations: Piotr for Homebrew and Oncorun – Together for health!

For the Sidnet team, one of the negative consequences of the pandemic is a temporary suspension of the Tuesday board game sessions that used to take place in Warsaw. Until recently, Piotr Zieliński – our Full-Stack Developer – was a regular participant in these meetings. However, Piotr is not only an avid fan of board games but also a skilled programmer, one who quickly finds himself at home in any new project. Piotr has recently joined the team responsible for our ongoing cooperation with THG (the owner company of the UK2 brand), one of our long-term customers.

What open-source and charity projects will we be supporting in May, based on our programmer’s wishes?

Homebrew

Homebrew is the most popular package manager for macOS. It is the missing link that connects open-source software to Apple’s operating system. It allows users to easily install open-source programs on a Mac, such as software commonly used on Linux. Homebrew is written in Ruby and supports the default version of Ruby that comes with macOS. Piotr uses Homebrew to install and use developer software.

“Thanks to Homebrew, I have everything I need in one place. Installing, updating, package search – every operation can be carried out efficiently via the terminal. The tool also allows you to have different versions of the same package installed at the same time and to switch between them at will. In addition, applications are installed without having to use the sudo command, so there’s no need to modify any base system files, including system files,” said Piotr.

The project has been developed by volunteer programmers since 2009. It is part of the Software Freedom Conservancy, which includes other open-source projects like Git, Debian and Selenium.

Oncorun – Together for health!

Oncorun is the oldest oncology-themed charity running event in Poland. It has been organized by the Sarcoma Association since 2008. Their goal is to support oncological patients both financially and psychologically.

Since Piotr was involved in the development of the Oncorun website, he is intricately familiar with this project. He has recently added such features as support for multiple language versions and online training registration. In addition, he represented Sidnet twice during Oncorun events in Warsaw.

“Though the entire world’s efforts are focused on fighting the pandemic, my thoughts are with the patients of the Sarcoma Association. Not only do they have to their condition, but now also suffer due to their reduced immunity to the coronavirus and difficulties in accessing medical assistance,” he explained.

During the COVID-19 pandemic, the Oncorun organizers have been donating personal protective equipment to hospitals. Additionally, they continue to raise funds for medicine, treatment and clinical visits for the most vulnerable oncological patients.

#SidnetDonations: Łukasz for the Mozilla Foundation and the St. Brother Albert’s Aid Society

The nationwide quarantine has not reduced Sidnet’s effectiveness in any way. After all, we have been honing our remote working skills for the last 15 years. Apart from our office being empty, all meetings taking place online and the creation of a separate channel named “Coronavirus” for our company chat, our lives have not changed much.

Today, as on every 15th of the month, we will be donating money to selected open-source and charity projects. This time the choices are being made by Łukasz Leszczyński, our Perl and JavaScript programmer, who lives and works in Rzeszów.

Mozilla Foundation

The Mozilla Foundation is a non-profit organization that strives for an open, “healthy” and accessible Internet. They are also the publisher of the annual Internet Health Report, as well as such well-known open-source solutions as the Firefox browser and the Thunderbird email program.

“The very thought of spreading ideas and taking concrete actions to help build a better Internet is very close to my heart. Sharing knowledge, critical thinking, social utility and respect for privacy are all inseparable parts of the Mozilla Foundation’s DNA,” says our developer.

These values are evident in the Foundation’s most recent publications concerning the challenges faced by creators and other Internet users during the coronavirus pandemic.

Examples?

St. Brother Albert’s Aid Society

The first Polish NGO with the goal of helping the poor and the homeless. It has been operating for nearly 40 years, and currently provides housing for 3,500 people in need. The society runs dozens of homeless shelters, club rooms, kitchens, and free bathhouses.

“I think it is very important to reach out to people who need help. This holds especially true in times when indifference to the problems and the suffering of others – the elderly, people who are lonely or who find themselves in a difficult life situation – is practically commonplace,” says Łukasz to further explain his choice.

The society accepts not only financial help, but also donations of food, clothing, footwear, medicine, cleaning products and other items that may help the people under its care.

#SidnetDonations: Michał for PostgreSQL and the “Futrzaki” Foundation

As we celebrate Internet Domain Day, we wish to support what made the Internet the way it is – databases and kittens. The man responsible for choosing the open-source and charity projects that we will be supporting this month is not just the mastermind of #SidnetDonations, but Sidnet overall.

Michał Wojciechowski has been managing our software house for 15 years. Throughout this time, he has participated in over 200 programming projects and more than 20 half-marathons – and he has also tried to stop his cats from meowing in the background during team teleconferences countless times… 😉

Read on to find out more about Michał’s choices.

PostgreSQL

PostgreSQL is an open-source database management system. Apart from MySQL and SQLite, it is one of the most popular free solutions of this type. It is used by such companies as Skype, Instagram, TripAdvisor and The Guardian.

More than 500 volunteer creators are actively involved in working on PostgreSQL and they have been developing the project for over 30 (!) years. The result is an efficient, feature-rich and standards-compliant program, which includes more than a million lines of code and is fully owned by the community that designed it.

“Many people claim that PostgreSQL is a worthy competitor to Oracle – a commercial solution. We have used PostgreSQL in a number of projects, including a few web applications built for the Iconaris marketing agency. It also serves as a database for some of the tools we use internally, such as GitLab”, said Sidnet’s founder.

“Futrzaki” Foundation

The foundation was established in 2015 by a group of volunteers who strive to improve animal welfare. They often help stray cats and dogs, some of which are mutilated. They collect donations, organize adoptions and constantly promote having the right attitude towards animals.

“Thanks to the ‘Futrzaki’ foundation, I now have a new cat in my apartment – Lotka. The foundation volunteers put a lot of effort into finding people who are responsible owners and offer really good homes to animals. For example, the condition for adopting Lotka in the first place was to secure my balcony with a protective mesh”, said Michał.

Before they find a new home, many cats (including Lotka) are brought to the Bajka temporary shelter.

“I visited the place two times, once to familiarize myself with Lotka and then to finalize the adoption process. The temporary shelter is run by great people, who truly love animals”, said Michał.