Category: IT Security

b.r.m. IT & Aerospace is your reliable IT service provider for cyber security

Cybersecurity

In today's digital world, the IT security of corporate data and digital business assets is of paramount importance. The new SonicWall Cyber Threat Report 2024 offers revealing insights into the current cyber security and IT security situation that every company should be aware of. As one of the leading regional IT service providers in Bremen, b.r.m. IT & Aerospace offers customized solutions to master these challenges. We specialize in IT service, IT security and green IT.

Strong growth in cyber threats

The new report from SonicWall shows an alarming growth in digital threats. Cases of malware, encrypted threats and cryptojacking attacks are on the rise. The rapid 659% increase in cryptojacking is particularly critical. These findings underline the need for a robust and professional IT security strategy for companies.

Customized IT service for companies in Bremen

At b.r.m. IT & Aerospace, we are convinced that every company has individual security needs and benefits from a customized IT service. Our experts use the latest findings and modern technologies to develop security measures tailored to your needs. This enables us to protect your company - today and tomorrow. Offensive measures are the best defense. With proactive monitoring and threat intelligence, we can identify threats before they can cause damage.

Cyber Threat Report underlines the relevance of professional IT service

The findings of the SonicWall Cyber Threat Report 2024 highlight the need for a strong IT service. As a professional company with over 30 years of experience, b.r.m. IT & Aerospace is ready to support you and your company with first-class IT service and customized security solutions. Please contact our managing director Harald Rossol to find out more about our IT service in Bremen. You can reach us by phone at +49 421 34 14 94 and by e-mail at brm@brm.de.

GDPR-compliant conference solutions

Conferencing solutions have become an integral part of today's working world. They enable location-independent phone calls with cameras and document sharing. However, not all providers offer data protection.

GDPR-compliant conference solutions

Given the large number of providers, user-friendliness and data security are particularly important. In addition, installation effort and costs vary significantly between providers. Even if a video conference with a cloud connection initially seems compliant, it should always be borne in mind that the service provider has complete control over the data. Compliance with the GDPR is required by law for all data processing and data storage. Although providers encrypt the data in transit through the internet, decryption takes place on the provider's servers, i.e. on the cloud servers. So although the providers must comply with the GDPR, the user has to rely on trusting them. As this trust is very questionable in terms of data protection, a secure alternative should be found.

Conference solutions at b.r.m.

The Bremen-based company b.r.m. IT & Aerospace offers its customers GDPR-compliant conference solutions through its Green IT-certified data center. The files are stored at b.r.m.; unlike with conventional providers, they are not decrypted on cloud servers in the USA, but on b.r.m.'s servers in Bremen. The use of Zoom, for example, is therefore GDPR-compliant, as Zoom no longer has control over the data. Several privacy principles as well as technical and organizational measures (TOM) ensure that the data of the conference solution is sustainably protected and handled in compliance with the GDPR.

The GDPR applies to all personal data that is processed on the internet. This means that every provider is required to comply with it. Violations can lead to fines of 20 million euros and, in the case of tech giants, up to four percent of global turnover. We offer you the solution to this issue. The advice and support provided by b.r.m. enables security analyses and risk assessments of your data flow. If you have any questions about our GDPR-compliant conference solution, you can contact our data protection expert Harald Rossol at any time.

A "safe" day at b.r.m. IT & Aerospace GmbH

Today, b.r.m.'s team of 5 GDPR experts came together. Under the leadership of Mr. Harald Rossol, Mr. Markus Rossol and Mr. Marius Ammermann, b.r.m. received the DIN SPEC 27076 certificate today.

The certificate was presented by the external security experts Mr. Thorsten Brendel and Mr. Daniel Köster.

But this is only the beginning of the safe path...

The timetable for the upcoming ISO 27001 audit and certification was also defined today. The project is expected to take a very short time.

This can simply be attributed to the very good existing certifications, guidelines, management systems and assets at b.r.m. The imminent turn of the year at b.r.m. is "standardized".

Mail archiving according to GDPR

Nowadays, electronic archiving of emails and documents is the order of the day. In Germany, GDPR-compliant archiving is required by law. A distinction is made between audit-proof and legally compliant archiving.

Archiving according to GDPR

Audit security and legal certainty

As a rule, audit-proof systems are archiving systems that comply with tax and commercial law requirements and are verifiable in this respect. The information in the systems should be retrievable, traceable, unalterable and tamper-proof. This enables tax authorities, for example, to check emails or other documents from the past in order to clarify facts. The entire archiving process, including the technical components, must therefore be checked beforehand; otherwise the user companies will not have any legal certainty for their archiving systems.

Legal certainty, however, also includes accuracy, completeness, security of the overall procedure, protection against alteration and falsification, security against loss, use only by authorized persons, compliance with retention periods, documentation of the procedure, traceability and verifiability. Only when these criteria are fulfilled after a practical test is the archiving system legally secure. Legal certainty is therefore a combination of audit compliance, the GDPR and other compliance rules.

Problem

GDPR-compliant archiving is mandatory for the user company and is properly audited. However, audit compliance is only part of complete legal certainty. A user company may, for example, use a product whose software suggests audit compliance on the basis of a sticker but cannot actually guarantee it, which may be due to various components. This is precisely the core problem with legally compliant archiving: audit security appears to be given in theory, but must first be proven in practice. Compliance can only be verified once the complete archiving system, consisting of the technology, organization, processes and trained employees, has been fully implemented. Legal certainty cannot therefore be guaranteed at the time of purchase, but only afterwards through a corresponding review of the complete system.

If you have any questions about GDPR-compliant archiving solutions and how we can support you with implementation, please feel free to contact Harald Rossol, founder and managing director of b.r.m. IT & Aerospace.

Mail encryption

There is a general security risk on the Internet, as data transfer on the Internet is always unencrypted. To ensure that emails can only be received and read by authorized persons, there are various security mechanisms for encrypting emails. This also fulfills the requirements of the General Data Protection Regulation.

Mail encryption

end-to-end encryption

End-to-end encryption guarantees a high level of security in data transfer. Before an email is sent, it is encrypted by the sender, remains encrypted across all transmission stations and is decrypted again by the recipient. This mail encryption provides complete protection in which none of the intermediate stations can read the content. This ensures increased confidentiality, authenticity and integrity of the data.

Furthermore, emails are encrypted using two-key procedures, as known from digital signatures. Each user generates a private key (signature key) and a public key (verification key). With the help of the public key, any user can encrypt a mail for its owner, and only the owner of the private key can decrypt it again. The public key can therefore only encrypt the data, and the private key decrypts it again. This type of coding is called asymmetric encryption. Although it is slower than symmetric encryption, in which the sender and recipient share a single key, it is more secure.
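As an added illustration of the two-key principle described above (this is example code written for this page, not code from b.r.m. or from any mail product): a textbook RSA key pair built from two tiny constructed primes, showing that anyone with the public key can encrypt, that only the private key decrypts, and that the same pair also signs and verifies. The primes, the message value and the key size are assumptions chosen for readability; real mail encryption uses keys of thousands of bits plus padding schemes that this model omits.

```python
# Added teaching example (not the page's or any product's code): textbook RSA with tiny,
# constructed primes. It demonstrates the mechanism only; the numbers are far too small
# to be secure, and real systems add padding (e.g. OAEP/PSS) that this model leaves out.
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Build (public_key, private_key) from two primes p and q.

    Assumption: p and q are prime and e is coprime to (p-1)(q-1).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, message: int) -> int:
    """Anyone holding the public key can turn a message into ciphertext."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """Only the holder of the private key can recover the message."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(private_key, message: int) -> int:
    """A signature is produced with the private key (textbook RSA, no hashing)."""
    n, d = private_key
    return pow(message, d, n)


def verify(public_key, message: int, signature: int) -> bool:
    """Anyone with the public key can check that a signature matches the message."""
    n, e = public_key
    return pow(signature, e, n) == message


def roundtrip(message: int) -> dict:
    """Encrypt, decrypt, sign and verify one message; returns what each step produced."""
    public_key, private_key = make_keypair(61, 53)  # constructed primes, n = 3233
    ciphertext = encrypt(public_key, message)
    signature = sign(private_key, message)
    return {
        "ciphertext": ciphertext,
        "recovered": decrypt(private_key, ciphertext),
        "signature_ok": verify(public_key, message, signature),
        # a signature for one message must not verify for a different one
        "tampered_ok": verify(public_key, message + 1, signature),
    }


if __name__ == "__main__":
    print(roundtrip(ord("A")))  # the byte value of 'A' (65) as the message
```

The two directions are deliberately kept in separate functions: `encrypt` and `verify` need only the public key, while `decrypt` and `sign` need the private one, which is exactly the property that lets a public key be published freely.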

Mail encryption for servers

Encryption is an established standard for email servers and is implemented using various encryption protocols. These include, for example, Transport Layer Security (TLS), which is used by most web browsers, such as Firefox, and web servers. Encrypted communication between a computer and a web server can be recognized by the Hypertext Transfer Protocol Secure (HTTPS) or by a small lock in the browser bar. For communication between mail servers, different exchange protocols are assigned to different ports for unencrypted and encrypted traffic. Port 25 is normally used with the Simple Mail Transfer Protocol (SMTP), i.e. unencrypted. Encrypted communication can, for example, take place via port 465 using the Simple Mail Transfer Protocol Secure (SMTPS).

The topic of email encryption is very important, as it is expressly recommended by the European General Data Protection Regulation (GDPR). The GDPR is fully incorporated into the IT service of the Bremen-based company b.r.m. IT & Aerospace. If you have any questions about sending and encrypting emails, please contact us.

Microsoft Teams security vulnerability

The Microsoft Teams platform is used by many companies for video conferences and other chats, and confidential documents are often exchanged in the process. However, researchers have now discovered a security vulnerability at Microsoft.

Microsoft Teams security vulnerability

After installation, many companies leave Microsoft Teams in its default configuration and rely on Microsoft's security barriers. The default configuration allows authorized team members to communicate with external users. As a result, there is a basic risk of phishing, a method by which hackers attempt to obtain confidential information from a team member or the company, for example using a form. However, staff are often trained for precisely these cases and recognize the danger due to the dubious or conspicuous links in emails. In addition, the security barrier warns of such attacks with messages and restrictions.

Where is the security gap?

A team of researchers from the British security company Jumpsec has found a way to circumvent the security barrier of the standard configuration of Teams. To do this, the IT experts changed the recipient ID in the POST request of a message from an external party. As a result, the external message carrying the malware is identified as a message from an authorized team member and is not recognized by the Teams security control. This makes the phishing attack harder for trained personnel to detect and leads to the introduction of malware, which in turn can endanger all team members of the company. Unauthorized persons are able to gain access to sensitive data through this security gap, which poses a massive threat to compliance with the GDPR.

At the Bremen-based company b.r.m. IT & Aerospace, the GDPR is secured by a certified data center. Our technical and organizational measures (TOM) as well as security analyses and risk assessments improve the IT security of your company. The efficient consulting and support of our customers has helped b.r.m. to win several awards in the field of IT security and even the environment, as the b.r.m. data center is not only GDPR certified, but also Green IT certified. If you are interested, you are welcome to contact the Managing Director of b.r.m., Harald Rossol.

IT trends: edge computing, data protection and security

Security and data protection are still among the top IT trends. However, there is also a new trend: edge computing.

IT trends: edge computing, data protection and security

Edge computing

Edge computing is one of the latest IT trends. In terms of data processing, it is the opposite of cloud computing. While cloud computing relies on a central data center, edge computing relocates services, data, etc. close to the user. Initially, the calculations involved were carried out by the data center itself. However, in order to process the data streams in the data center as resource-efficiently as possible, services, data, etc. were moved to the edge.

This allows data to be processed in real time and minimizes latency and load times. However, there are also challenges to overcome. With a cloud, the highest security standards and regular vulnerability checks have top priority; it therefore offers a higher level of data security than decentralized processing, where each operator is responsible for the security of their own device. Further information on edge computing can be found here.

Data protection and IT security

With the rapid increase in the use of data processing, the issue of security and data protection is becoming increasingly important. The significant breaches in 2021 clearly showed the damage caused by a lack of IT security. The threat of potential hacker attacks is real. It is therefore all the more important to maintain your own IT security by continuously checking and maintaining it.

The successful fulfillment of the requirements of data protection (GDPR), security and energy efficiency forms the basis for the IT service provider b.r.m. With a GDPR-compliant and Green IT-certified data center, we offer our customers an all-encompassing 24-hour service. For more than 30 years, we have been taking care of digitalization with our excellent IT service. With our multifaceted efforts, we try to stand out from other IT service providers and be unique in the industry.

You can also follow us on Instagram @brm_IT_Aerospace.

MTOM and payload - from an IT perspective

Standard techniques have been introduced to exchange binary data. However, these payloads can also cause damage.

MTOM and payload

MTOM

The Message Transmission Optimization Mechanism (MTOM) transfers executable files (binary data) to web services. XML-binary Optimized Packaging (XOP) is then used for the transmission. The XOP technique is a more efficient mapping of structured data with specific content types.

This mechanism is recommended by the World Wide Web Consortium (W3C), the member organization for the standardization of technologies on the Internet.

Payload - two different sides

The term payload can have two different meanings. On the one hand, payload is the term for the component of malicious software (malware) that is smuggled into a system undetected. The malware is hidden, with the help of the payload, in an area of a message marked as text.

On the other hand, the term payload also exists in the field of communication technology. This refers to the transport of data in a data packet that does not contain any control or protocol information. Payload data includes, for example, texts, characters and images.

Transport of user data

The transport can vary depending on the protocol. As a rule, payload data is handled as follows for nested protocols. When a protocol layer processes the data, it puts its own header information in front of the payload. The result is then forwarded to the underlying protocol layer, where it is in turn treated as user data. This process is repeated several times. The user data field usually follows the header, but some network protocols also append a trailer.
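To make the nesting concrete, here is an added example (written for this page, not taken from the original text or from any standard's reference code) that builds a frame layer by layer: a constructed transport header is put in front of the user data, that segment becomes the payload of a constructed network header, and the result becomes the payload of a link-layer header with a checksum trailer. The header formats, addresses and protocol numbers are simplified assumptions, not the real TCP/IP or Ethernet layouts; only the nesting principle and the role of the trailer (comparable to Ethernet's frame check sequence) are what the page describes.

```python
# Added example (not from the page): simplified, constructed header formats that show
# how each protocol layer wraps the user data it receives from the layer above.
# These are NOT the real TCP/IP/Ethernet layouts; only the nesting principle is real.
import struct
import zlib

TRANSPORT_FMT = "!HHH"      # src port, dst port, user-data length
NETWORK_FMT = "!4s4sBH"     # src addr, dst addr, upper-protocol id, payload length
LINK_FMT = "!6s6sH"         # dst mac, src mac, ethertype
TRAILER_FMT = "!I"          # CRC-32 over header + payload (plays the role of an FCS)
PROTO_TRANSPORT = 6         # assumed id for "the transport layer above"
ETHERTYPE_NETWORK = 0x0800  # assumed id for "the network layer above"


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def wrap_transport(user_data: bytes, src_port: int, dst_port: int) -> bytes:
    """First wrapping: a transport header is put in front of the user data."""
    return struct.pack(TRANSPORT_FMT, src_port, dst_port, len(user_data)) + user_data


def wrap_network(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """The whole segment (header + data) is now the payload of the network layer."""
    header = struct.pack(NETWORK_FMT, ip_to_bytes(src_ip), ip_to_bytes(dst_ip),
                         PROTO_TRANSPORT, len(segment))
    return header + segment


def wrap_link(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """The link layer adds a header in front and a checksum trailer behind."""
    body = struct.pack(LINK_FMT, dst_mac, src_mac, ETHERTYPE_NETWORK) + packet
    return body + struct.pack(TRAILER_FMT, zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(user_data: bytes) -> bytes:
    """Constructed addresses: private host 192.168.1.10 sending to 203.0.113.5:25."""
    segment = wrap_transport(user_data, 40000, 25)
    packet = wrap_network(segment, "192.168.1.10", "203.0.113.5")
    return wrap_link(packet, bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))


def unwrap_frame(frame: bytes) -> dict:
    """Peel the layers off again, checking the trailer and every length field."""
    body, trailer = frame[:-4], frame[-4:]
    (fcs,) = struct.unpack(TRAILER_FMT, trailer)
    if fcs != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("trailer checksum mismatch: frame was altered in transit")

    link_len = struct.calcsize(LINK_FMT)
    dst_mac, src_mac, ethertype = struct.unpack(LINK_FMT, body[:link_len])
    packet = body[link_len:]

    net_len = struct.calcsize(NETWORK_FMT)
    src_ip, dst_ip, proto, payload_len = struct.unpack(NETWORK_FMT, packet[:net_len])
    segment = packet[net_len:]
    if len(segment) != payload_len:
        raise ValueError("network payload length does not match header")

    tr_len = struct.calcsize(TRANSPORT_FMT)
    src_port, dst_port, data_len = struct.unpack(TRANSPORT_FMT, segment[:tr_len])
    user_data = segment[tr_len:]
    if len(user_data) != data_len:
        raise ValueError("transport data length does not match header")

    return {
        "link": {"src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(), "ethertype": ethertype},
        "network": {"src_ip": bytes_to_ip(src_ip), "dst_ip": bytes_to_ip(dst_ip), "proto": proto},
        "transport": {"src_port": src_port, "dst_port": dst_port},
        "user_data": user_data,
    }


if __name__ == "__main__":
    frame = build_frame(b"constructed user data")
    print(len(frame), unwrap_frame(frame))
```

Each `wrap_*` function only ever sees opaque bytes from the layer above, which is the point of the text: the transport segment is "user data" from the network layer's point of view, and the network packet is "user data" from the link layer's point of view. The length and checksum checks in `unwrap_frame` are where a receiver notices truncated or altered frames.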

Further technical terms from the field of IT can be found in our 1×1 of IT.

NAT and PAT

NAT and PAT technology is used to replace the Internet Protocol address (IP address) in IP data packets. But what exactly is it, how does it work and how secure is this solution?

NAT and PAT

What is NAT?

Network Address Translation (NAT) translates an IP address used in one network into another IP address used in a different network. It converts a public IP address into several private IP addresses. Each outgoing connection is recorded with its IP address and port number. The NAT can then use the recorded port number to assign incoming data to a local station. However, this assignment is only valid for a short time.

A distinction is also made between source NAT (SNAT) and destination NAT (DNAT). With a SNAT, the source address is exchanged, which is typical for private Internet access. However, a destination NAT (DNAT) is used to change the destination of an IP packet. The DNAT is usually used to change a public IP of an Internet connection to a private IP address of a server in the private subnet. SNAT and DNAT can be used individually or together for an IP packet.

What is PAT?

Port address translation (PAT) enables several devices in a local area network (LAN) to be mapped to a single public IP address. This technology is therefore an extension of NAT, and it saves many IP addresses. PAT is used in most home networks.

How safe is this technology?

In terms of IT security, there are few security concerns with NAT. As the end devices are hidden from the public Internet behind a router, i.e. in a private network, the systems cannot be reached from the Internet. A connection to the Internet only exists when the end devices establish one themselves. Although this technology cannot replace a fully-fledged firewall or packet filter, the protection is comparable to a rudimentary firewall.
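The behaviour described in this section, as an added example written for this page (not b.r.m.'s code and not a real router implementation): a small model of a SNAT/PAT gateway that records each outgoing connection with its IP address and port, hands out one public port per flow, delivers inbound packets only while a matching entry is still alive, and, for comparison, also shows a static DNAT port forward. All addresses, ports and the 30-second entry lifetime are constructed assumptions.

```python
# Added example (not from the page): a constructed model of a SNAT/PAT gateway with a
# short-lived translation table. It shows why hosts behind it are unreachable unless
# they opened the connection themselves, and why a static forward (DNAT) is the exception.


class PortAddressTranslator:
    def __init__(self, public_ip: str, ttl_seconds: float = 30.0, first_port: int = 40000):
        self.public_ip = public_ip
        self.ttl = ttl_seconds            # assumed lifetime of a dynamic entry
        self._next_port = first_port      # assumed start of the public port pool
        # public port -> {"inside": (ip, port), "outside": (ip, port) | None, "expires": float | None}
        # dynamic (SNAT) entries expire; static (DNAT) entries have outside=None and never expire
        self._table = {}

    def _allocate_port(self) -> int:
        port = self._next_port
        self._next_port += 1
        return port

    def _expire(self, now: float) -> None:
        """Drop dynamic entries whose short validity period has run out."""
        for port, entry in list(self._table.items()):
            if entry["expires"] is not None and entry["expires"] < now:
                del self._table[port]

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now: float) -> dict:
        """Packet leaving the LAN: rewrite the source (SNAT) and record the mapping."""
        self._expire(now)
        for port, entry in self._table.items():
            if entry["inside"] == (src_ip, src_port) and entry["outside"] == (dst_ip, dst_port):
                entry["expires"] = now + self.ttl  # an existing flow just refreshes its entry
                return {"src": (self.public_ip, port), "dst": (dst_ip, dst_port)}
        port = self._allocate_port()
        self._table[port] = {"inside": (src_ip, src_port),
                             "outside": (dst_ip, dst_port),
                             "expires": now + self.ttl}
        return {"src": (self.public_ip, port), "dst": (dst_ip, dst_port)}

    def add_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        """Static DNAT: expose one internal server on a public port (any source, no expiry)."""
        self._table[public_port] = {"inside": (private_ip, private_port),
                                    "outside": None, "expires": None}

    def inbound(self, src_ip, src_port, dst_port, now: float):
        """Packet arriving from the Internet: delivered only if a live mapping exists,
        otherwise None (dropped). Returns the rewritten addressing on delivery."""
        self._expire(now)
        entry = self._table.get(dst_port)
        if entry is None:
            return None  # dropped: no inside host asked for this
        if entry["outside"] is not None and entry["outside"] != (src_ip, src_port):
            return None  # dropped: not a reply from the host the inside device contacted
        if entry["expires"] is not None:
            entry["expires"] = now + self.ttl
        return {"src": (src_ip, src_port), "dst": entry["inside"]}


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.5")
    # two LAN hosts using the same local port share one public IP (PAT)
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443, now=0.0)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.20", 443, now=0.0)
    print("host A appears as", a["src"], "host B appears as", b["src"])
    print("reply to A:", nat.inbound("198.51.100.20", 443, a["src"][1], now=1.0))
    print("unsolicited packet:", nat.inbound("198.51.100.20", 443, 40999, now=1.0))
    print("late reply after expiry:", nat.inbound("198.51.100.20", 443, a["src"][1], now=100.0))
```

The `inbound` method is where the "rudimentary firewall" effect comes from: a packet from the Internet that matches no live table entry is simply dropped, without any rule having been written. The static entry created by `add_forward` is exactly the hole that a real packet filter still has to guard, which is why NAT alone is not a replacement for one.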

If you would like more detailed information on these techniques, the b.r.m. staff will be happy to help. You can also read more on this website.

DSGVO and GDPR

Compliance with the DSGVO and GDPR is more important than ever in the age of the internet. They are the basic rules of data protection and data security. They also form the basis of transparent handling, which is intended to limit the misuse of data.

What is the GDPR?

The General Data Protection Regulation (GDPR) originates from the European Union and provides rules for the processing of personal data. The regulation must be applied if data is stored, or is to be stored, in a filing system during processing.

These apply throughout the EU in both the private and public sectors. This means that every company that processes personal data must comply with the GDPR. This also applies to natural and legal persons, as well as to companies working on behalf of a third party.

What does GDPR stand for?

The General Data Protection Regulation (GDPR) forms the new legal framework of the European Union. The regulation defines exactly how personal data may be collected and processed.

Since May 2018, these regulations have applied to all organizations based in the EU that process personal data. It also applies to all organizations worldwide that process the data of EU citizens.

DSGVO and GDPR at b.r.m.

The Bremen-based IT service provider b.r.m. is known for its GDPR-compliant data center. In addition, b.r.m. has strengthened its security through several parameters. From technical and organizational measures (TOM) to security analyses and risk assessments, business resource management is ideally positioned.

In addition, Harald Rossol and Thorsten Brendel from b.r.m. are engaged as company data protection officers. They are experts in data protection and will be happy to answer any questions you may have.