Proactive Services

NETWORK DESIGN
Network design plays a very important role in how effectively we can utilize the available network resources and how secure the network will be.

In our network design services, we study an organization's requirements and design the network accordingly, so that it fulfills all of those requirements and is stable, scalable and secure.

WE CONSIDER THINGS LIKE:
1. Requirements for the LAN segmentation
2. Logical & physical segregation of the LAN segments
3. Placement of network devices such as switches, routers, firewalls, IPS, wireless access points and servers
4. Configuration of network devices such as switches, routers, firewalls, IPS, wireless access points and servers
5. Redundancy for critical systems such as routers, firewalls, IPS and servers

SERVER HARDENING
Server hardening is the process of fine-tuning the server's operating system to provide better security and minimize the risk of unauthorized access to the system.

Operating systems (Windows, Linux, Unix) are usually not very secure in their default installation. Security policies must be configured on the OS in order to protect the server and the data on the server.

WINDOWS SERVER HARDENING:
1. Group policy auditing
2. Service audit and lockdown
3. Password policy auditing
4. Firewall policy auditing
5. Windows Registry auditing
6. Windows Defender and anti-malware status auditing
7. Service pack and security patch status auditing
8. File permission auditing

LINUX / UNIX SERVER HARDENING:
1. Kernel updates
2. Kernel-level hardening
3. Hotfix auditing
4. Software repositories auditing
5. Firewall policy auditing
6. Service audit & lockdown
7. File permission auditing

FIREWALL INSTALLATION AND MAINTENANCE

A firewall can be a software or a hardware solution that protects an organization's network. It plays a key role in the organization's perimeter security and can be used to control the traffic flowing between the organization's network and the internet. As with every network security solution, a firewall needs to be configured with policies on what has to be accepted or denied.

In Firewall installation & maintenance, we will assess the organization’s network requirements.

1. Install a Network Firewall either as a part of UTM solution or as a Next Generation Firewall
2. Installation of Firewall licenses
3. Upgrade of Firewall firmware to include the latest stable version and security patches
4. Configure required policies for outgoing & incoming traffic to local network as well as DMZ networks
5. Audit the access control onto a system from internet
6. Configuration of Virtual Private Networks
7. Configuration of Firewall Log management service/server

An Intrusion Prevention System (IPS) plays a very important role in keeping an organization's network secure by preventing a successful intrusion.

An IPS can be either a hardware or a software solution, which can be part of a UTM solution or a standalone installation.

An IPS can detect attacks on network resources and report them to an administrator or a SIEM solution.

IPS CAN BE OF 2 DIFFERENT TYPES:

1. NIPS
2. HIPS

NIPS (Network IPS) is installed at the network perimeter level to protect all the resources of a network.
HIPS (Host IPS) is installed at the end-point (server or user system) where it checks for attacks and prevents them.

IPS USES DIFFERENT METHODS TO IDENTIFY AN ATTACK:

1. Signature Based
2. Heuristic Analysis
3. Protocol Analysis

SIGNATURE BASED DETECTION

In this method, the IPS compares the packet with a pre-configured pattern or a known attack pattern, called a signature.

HEURISTIC ANALYSIS

In this method, the IPS checks the behaviour of a packet or a stream of packets by visualizing it in a sandbox environment to determine whether it is an attack or not.

PROTOCOL ANALYSIS
In this method, the IPS checks for any deviation from the established protocol standards and flags the traffic as an attack if there is any deviation.

END-POINT SECURITY

Endpoint security, or endpoint protection, refers to a methodology of protecting a corporate network that is remotely bridged to client devices. Every device connecting remotely to the corporate network can be an entry point for an intruder. Endpoint security is a methodology for providing security to each of these devices in the corporate network.
Endpoint security generally consists of a security suite installed on a server and a client installed on each device remotely connecting to the corporate network.

Endpoint security can perform user authentication and anti-malware scans, and can also check whether the remote device meets pre-defined security criteria.

ANTI-SPAM

Spam messages are irrelevant or unsolicited messages sent over the Internet for the purposes of advertising, phishing, spreading malware, etc.

Spam messages or mails are a major concern for system administrators, as they consume a lot of valuable bandwidth and storage.

Our Anti-Spam services use various techniques, such as reputation-based blacklisting, heuristic analysis, geolocation-based filtering and content-based filtering, to identify spam messages and stop them from reaching the user's inbox.

ANTI-VIRUS
A virus, in the computing sense, is malware that is harmful in nature and designed to damage the user data or operating system of a system.

To protect a network from virus infections, we provide anti-virus solutions for end-user systems and servers. We can have a distributed model, where every end-user system has anti-virus installed and can be configured individually, or a centralized model, where every end-user system has anti-virus installed and is configured from a central server.

PASSIVE VULNERABILITY SCAN

A vulnerability scanner is an application that scans a system for vulnerabilities by directly sending it vulnerability signature requests.
A passive vulnerability scanner is an application that monitors the network traffic flow to determine vulnerabilities in a host operating system or an application. It can check the installed operating systems, applications and patch levels of various systems in the network.
Our Passive Vulnerability Scanner is installed in transparent mode, without being intrusive to network activity.

PATCH MANAGEMENT

Patch Management refers to the process of understanding the missing security patches on an operating system or an application, obtaining the required security patches, testing them for stability, compatibility and performance in a test environment simulating real-world conditions before deploying them onto a production environment.
Patch management is a continuous cycle of events to enhance the system security.

WEB APPLICATION FIREWALL

A Web Application Firewall can be used to control traffic flow to and from a web application. It differs from a network firewall in how it works: whereas a network firewall is used to protect network components such as servers, a Web Application Firewall is useful for inspecting web attacks such as file inclusion, cross-site scripting (XSS), SQL injection and security misconfigurations.

Our Web Application Firewall service lets you take full control of the web traffic to the server and protect it by inspecting traffic for attacks such as file inclusion, cross-site scripting (XSS) and SQL injection.

WEB APPLICATION SECURITY

Web Application Security refers to the process of protecting a web server or web application from the following kinds of attacks:

1. File inclusion
2. Cross-site scripting
3. SQL Injection
4. Buffer overflow
5. Memory corruption
6. Denial of Service

Our Web Application Security service uses a combination of Web Application Firewall, Unified Threat Management and application-level optimizations to protect web applications from these attacks.

THREAT INTELLIGENCE SERVICES

A threat intelligence service is about collecting, analyzing and filtering data about emerging threats. This information can be reported to the organization to assist it in understanding the risks and mitigating them in order to protect network resources.

Threat Intelligence service includes information about vulnerabilities, zero-day attacks, exploits, malware, privilege escalation, phishing attacks etc.

ZERO DAY UPDATES

Zero-day vulnerabilities are those which have been identified but do not yet have a concrete solution for mitigating them. Generally, zero-day is the time frame between when a vulnerability is identified and when a security patch is released. This time frame can last anywhere from a few hours to years. Developers have to analyze the vulnerability (in what circumstances it can be exploited, what kind of access the attacker needs, whether it is practically possible to exploit the vulnerability, etc.) and find its root cause. Once the root cause is found, developers have to find a way to mitigate it, then design a security patch after properly testing the mitigation procedure. Once released to the public, this security patch has to be downloaded and installed on the user's system.

In our zero-day protection process, we use technologies that analyze the request protocol, deviation from the standard protocol definitions and the behaviour of the request data in a sandbox environment to mitigate attacks, and that suggest any alternative options available for securing the system.