Important changes in TLS protocols

Safe – safer – safest

In October 2014, a vulnerability of the SSL 3.0 protocol to POODLE attacks (Padding Oracle On Downgraded Legacy Encryption) was detected. Google then posted a technical report stating that the bug was caused by the structure of the protocol, that it could not be fixed, and that SSL 3.0 should be disabled as soon as possible in any program that supported it. Banks and public institutions reacted by gradually disabling connections to their portals via SSL 3.0, and TLS (Transport Layer Security) became the main supported protocol.

TLS in finance and banking

TLS is a standard extension of SSL used on the Internet. It ensures the confidentiality and integrity of data transmission as well as authentication of the server and the client. It is of particular importance for safe banking transactions. At present, electronic banking is accessible only via browsers supporting the latest version of the TLS protocol. Similar rules are being introduced by the Ministry of Finance, which in October last year posted on its website information about a change in the way the e-Declarations test gate communicates with WebServices. TLS version 1.0 was replaced by TLS 1.2. The sudden change caused numerous problems for end users sending required documents, so the Ministry decided to revert to TLS 1.0. The situation showed that end users and software vendors had to adapt to the changes. The re-upgrade of the protocol to TLS 1.2 is scheduled for mid-2017.

The problem affects endpoint workstations (a suitable version of the operating system and browser is required), the software and systems responsible for exchanging information with the Ministry or with banks that require the secure TLS 1.2 protocol, and mobile devices.

One must remember that connection security also depends on the cipher suites used in the connection. In addition, it is necessary to use current libraries, that is, up-to-date implementations of the TLS protocol, because vulnerabilities appear in them frequently. Because of the security and performance enhancements that appeared in TLS 1.2, clients should connect using the latest version of the protocol.

Comparison of TLS versions

  • TLS 1.0 – Developed in 1999 as an update for SSL 3.0 with many vulnerabilities. It is vulnerable to the BEAST attack, which enables, for example, stealing a cookie from a TLS-secured HTTP session.
  • TLS 1.1 – Published in 2006. Includes fixes in the CBC implementation: secure initialization vectors (IVs) and handling of padding errors.
  • TLS 1.2 – Published in 2008. This version added features that increase security and performance: the SHA-256 algorithm replaces MD5-SHA-1 in the pseudo-random function, and AEAD (Authenticated Encryption with Associated Data) ciphers are supported. These ciphers are used in GCM and CCM modes. They protect against the "Lucky Thirteen" attack. In addition, the GCM mode is characterized by high performance.
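The version comparison and the point about cipher suites can be turned into a client-side check. The following Python sketch is an added example, not code from the article or from SNP: it grades negotiated sessions against the findings listed above and builds a client context that refuses anything below TLS 1.2 and offers only AEAD suites. The hostnames and sample sessions are constructed, and treating CHACHA20 suites as AEAD is an addition so that TLS 1.3 suites classify correctly.

```python
import ssl

# GCM and CCM are the AEAD modes the article names; CHACHA20 is added here
# (an assumption beyond the article) because TLS 1.3 suites may use it.
AEAD_TAGS = ("GCM", "CCM", "CHACHA20")

LEGACY = {  # version strings as returned by ssl.SSLSocket.version()
    "SSLv3": "FAIL: SSL 3.0 (POODLE)",
    "TLSv1": "FAIL: TLS 1.0 (BEAST)",
    "TLSv1.1": "WARN: TLS 1.1 has no AEAD suites",
}

def is_aead(cipher_name):
    return any(tag in cipher_name for tag in AEAD_TAGS)

def assess(version, cipher_name):
    """Finding for one negotiated session, following the version comparison."""
    if version in LEGACY:
        return LEGACY[version]
    if version not in ("TLSv1.2", "TLSv1.3"):
        return "FAIL: unrecognised protocol version"
    if not is_aead(cipher_name):
        return "WARN: non-AEAD suite (Lucky Thirteen exposure for CBC)"
    return "OK"

def hardened_client_context():
    """Client context: TLS 1.2 minimum, ECDHE with AES-GCM only for TLS 1.2."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")      # does not affect the TLS 1.3 suite list
    return ctx

def non_aead_offered(ctx):
    """Names of suites the context would offer that are not AEAD."""
    return [c["name"] for c in ctx.get_ciphers() if not is_aead(c["name"])]

SAMPLE_SESSIONS = [  # constructed data; hostnames are placeholders
    ("bank-gw.example", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("legacy-erp.example", "TLSv1", "AES128-SHA"),
    ("partner-api.example", "TLSv1.2", "ECDHE-RSA-AES256-SHA384"),
]

def audit(sessions):
    return {host: assess(version, cipher) for host, version, cipher in sessions}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_SESSIONS).items():
        print(f"{host:22} {finding}")
    print("non-AEAD suites offered:", non_aead_offered(hardened_client_context()))
```

For a live endpoint, the inputs to `assess` are `sock.version()` and `sock.cipher()[0]` from a connected `ssl.SSLSocket`.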

TLS 1.2 vs. SAP systems

SAP systems also require adjustments and a comprehensive verification of the configuration to ensure full support of the encryption protocol and proper communication before the final protocol change. SAP systems that connect to external systems supporting only TLS version 1.2 require verification of the versions of such components as:

  • Kernel (SAPSSL) – SAPSSL is an integrated part of ICM (Internet Connection Manager) responsible for handling NetWeaver Kernel sessions. The configuration is made using SAP profile parameters.
  • CommonCryptoLib – a library called by SAPSSL.
  • IAIK JCE & JSSE (for SAP AS JAVA only) – a component responsible for outgoing connections.

SAP systems that do not have the relevant versions of these components will not be able to connect via the TLS 1.2 communication protocol. Upgrading the components to the required versions and loading the configuration from the SAP profiles require a system restart, which means the system is unavailable during that time.

IT security management is a process. Confidentiality, Integrity, Availability (CIA) are stable pillars of this process. If any of them is degraded with time, then the IT security management process can quickly collapse into ruins. Security administrators must therefore ensure that the security pillars are sound. The security of communication protocols is all the more important because breaking them can lead to interception, alteration of content, and interruption of communication between IT systems, i.e. the destruction of each of the security pillars. This can have catastrophic consequences for business processes and their owners.
Dariusz Kurkiewicz, SAP Implementation Team Leader, SNP Poland

A new standard = greater security

Over time, the TLS 1.2 encryption protocol will be required by an increasing number of IT solutions. Adapting administered systems to the new standard is just a matter of time. It is therefore recommended to verify the current condition of IT systems and to adapt them to the forthcoming requirements well in advance. In this way, we gain not only full compatibility with third-party solutions but, first of all, full security of data transmission.

IT security

SNP provides services related to IT security in its broad sense. Our team of certified security consultants is able to take the role of a group of hackers (pentesters) and check the security of a company, i.e. to perform the so-called penetration tests (pentests). We also carry out configuration audits regarding security settings, hardening, good practices and other guidelines and methodologies.
