We recently interviewed Michał Kasprzak, SecOps/SysOps Administrator of TraceRoute42. We asked him about his company’s customers’ secure access to the Kubernetes cluster.
PIA: What does your company do?
Michał Kasprzak: TraceRoute42 is a technology consultancy firm with vast expertise in infrastructure architecture, design & maintenance. We help startups and enterprises create bulletproof architectures and choose an optimal solution during the concept phase or the implementation of major functional changes. We advise on how to prepare for changing factors and parameters of system load, security breaches, unexpected emergency situations, and their impact on project resources.
We are a team of Linux Administrators who at some point decided to move over to Kubernetes. Currently we are working on automating the creation and updating of various k8s environments, and we assist projects with their sysadmin, devops, and database-related issues.
PIA: What do you love about working in cybersecurity?
MK: I have a constant itch to keep learning new things, and since it is constantly evolving and changing, security in our IT world is one of the best fields in which to gather and share knowledge.
I believe that cybersecurity is a topic that should be much more broadly talked about and better understood by more people, not just experts in that field. I am always amazed by how many different approaches to attacks are practiced nowadays, both simple and incredibly complex. DDoS attacks are no longer only the domain of the gaming community. Scam emails or text messages are no longer received only by the elderly, as they have grown into sophisticated mechanisms where one click without any safeguards can compromise your internet identity.
We are living in a digital world where each of our steps is monitored; all of us generate a magnitude of data, and a lot of information about us that we are not even aware of is sold and exploited all the time. That’s why I love finding new approaches to securing both my own actions on the Internet and TraceRoute42 clients’ infrastructures.
PIA: Why do individuals and companies need a good VPN?
MK: A good VPN is a must-have as a first checkpoint of security for companies. It allows you to regulate access to all the internal services, controlled by whitelists, to limit the access available on the internal machines themselves, and to keep encrypted traffic and critical information away from ISPs. For developers and individuals, it is not only one of the best privacy tools any PC user can have, but also the best tool for spoofing your coordinates, whether for geolocation apps, edge server functionality development, or to avoid region locks on various sites and services.
At TraceRoute42, when we approach a new client, the first thing we do when we create infrastructures is to create secure access to the Kubernetes cluster as well as to safeguard communications between clusters and their services. Having the access via VPN, we can manage it in a secure way—one thing is that without VPN you are not able to access anything, and another is that when we disconnect a user from the network, even if any credentials are overlooked or new exploits come about, we are sure that the user has no physical access to the infrastructure.
Another advantage is that with the use of VPN we can control the traffic. If the default connection route via the ISP is slow, using private networks and custom routing tables we can modify connections between the services accordingly, whether to increase the throughput or to reduce the latency to the Percona SQL server used by the client, or to a series of external services from various providers like GCP or AWS.
What is more, nowadays most of us work remotely. It is important to think on behalf of each employee, to find and recommend the best way to secure their information and personal data, and to determine the starting point to which we can direct them. In Europe, in May 2018, we were introduced to the GDPR regulations, which also influence security quite heavily. For example, some information can’t be stored on personal computers anymore, which is why it is much better and easier to connect to it via VPN. And while the EU can try to enforce some policies that may help with the protection of our data on the Internet, at the same time more and more services are available in the cloud, forcing us to constantly exist on the Internet and exposing us to possible points of attack and data harvesters at every step. In theory, the HTTPS protocol is widely used, but there is always the possibility of an untrustworthy ISP or of governments themselves, and security first and foremost has to be maintained by the user himself.
PIA: What are the worst cyberthreats out there today?
MK: Various ransomware attacks were making waves a few years back, and some of their variants are still being discovered today. Exploiting exposed ports on older systems, and holes in firewalls caused by not handling all of the internal traffic in private networks, is one of the main reasons for that. That’s why the previously mentioned VPN can limit the possibility of a ransomware attack, as we can block access to the services for users with no VPN access by blocking all traffic and allowing only traffic from specific origins, like our network host server.
And while more and more people are becoming aware of the various dangers lurking everywhere, they have begun to rely on those solutions. By being a central point of access, VPNs and programs like password managers greatly reduce the number of cyberthreats preying on all of them. But we must remember that their usage creates a vulnerability in itself. When someone gains access to the password vault, or to our private network connection credentials, said bad agent is effectively stealing our entire identity and can cause even bigger damage than if some single traffic flow or connection was once exposed. That’s why it is also extremely important to keep the solutions that safeguard us secure as well.
Additionally, we cannot ignore the constant flood of phishing mails and other scams preying on users who are not well versed in computer usage, as well as the hundreds of breaches affecting various sites and services which store their user data in an unsafe manner, causing millions of passwords to be leaked so far.
Furthermore, the recent war in Ukraine reminded us of the still prevailing danger of DDoS attacks. Additionally, governments or other organized attackers can be actively looking to damage specific services and pages, either with old, unpatched methods or with new 0-day exploits. They can gain access to information either through exposed soldiers’ phone locations or by social engineering. They can manipulate the source to obtain access to crucial infrastructures that are capable of carrying out information war, which can impact us as well. If we were unprepared for such scenarios, it would effectively lead to the removal of our access either to some content or to the Internet in general.
PIA: How is the pandemic changing the way your company deals with cybersecurity?
MK: For us, the pandemic has not changed that much. We are a remotely working company, so there was no difficulty in adapting our routine. The use of VPN was not new to us, as we had become accustomed to it over the past years. As we already mentioned, part of what we specialize in is searching for security issues for clients, like known vulnerabilities and other potential threats to their infrastructures.
While it might not have been too visible to us at first, we have eventually noticed an increase in the security awareness of our clients. Not only regarding their infrastructures but also regarding their own home offices – which is something we are very happy about, as all of us in the team are in some way security freaks.