locuz.com
Security Audit Services
Today’s Security Landscape
“Today, over 80% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.”
Immunity against security threats is becoming one of the leading challenges for the enterprise community. The race to "go online" and develop competitive services is pushing enterprises to launch web applications rapidly with less attention to security risks, leaving their sites vulnerable. Many corporate sites are exposed to attackers at the touch of a button. Locuz follows a complete, established and highly effective methodology to help organizations across various verticals address these vulnerabilities and improve their security posture.
Today's security challenges require a fresh look at connectivity and its related security from a fundamental, architectural perspective.
Locuz is a CERT-In empanelled IT Security Auditor.
Dynamic Threat Environment
- Internal and external threat environment not improving
- Attacks becoming more targeted and financially motivated
- Attacks becoming more sophisticated, targeting applications as well as networks
- Organized criminal gangs taking over from teenage hackers and "script kiddies"
Regulations / Compliance
- Basel II, Sarbanes-Oxley, HIPAA, SEC, PCI DSS etc.
Shareholder Value, Brand and Reputation
Security Services Framework
Our security services comprise the processes and technologies that provide secure access to your business applications and new endpoints.
Security Services Portfolio
Business Goals & Objectives
Confidentiality, Integrity, Availability
Visibility and Control: Identity & Access Management, Active Monitoring, Correlation & Analysis, Isolation & Remediation, Policy Enforcement
Security Policy: Risk Assessment, Security Operations, Hardening, Infrastructure & Network Security
- Governance, Risk & Compliance
- Cloud Security
- BCP
- Identity & Access Management / Single Sign-On
- Security Information & Event Management (SIEM)
- Mobile Security
- Security Posture Assessment (VA / PT)
- Security Operations Center (SOC)
- Data Loss Prevention (DLP)
Security Audit Methodology
We integrate the best security testing practices of the industry, conforming to Information Security compliance standards, with a commitment to the highest possible confidentiality. Every activity is performed only after the complete architecture of the network and its complexity has been identified.
The steps followed in the audit process are given below:
1. Preparation: Identifying critical areas to perform the audit
2. Scanning: Understanding the organizational processes, complexity and technical configurations of the infrastructure
3. Enumeration: Collecting network resources and understanding the active connections to systems and direct queries
4. Vulnerability Analysis: Understanding the vulnerabilities and their impact on information such as web application variables, etc.
5. Documentation: Documenting the information and providing scanned reports on the vulnerabilities and their impact
Value Proposition
- Field-tested methodologies based on standards and proven frameworks
- Strategic technology alliances with security vendors
- End-to-end security consulting, deployment & management
- SOC service provider
- CERT-In empanelled auditor
- Best-of-class Certified Ethical Hackers & security specialists
- Combination of state-of-the-art tools and insightful reports
- Deep domain knowledge (industry regulations, compliance needs etc.)
What we do
Vulnerability Assessment & Penetration Testing

Testing Scope
  Vulnerability Assessment: Scans for all potential network vulnerabilities.
  Penetration Testing: Identifies vulnerabilities and determines if they can actually be exploited.
Vulnerability Relevance
  Vulnerability Assessment: Categorizes vulnerabilities based on standardized, theoretical information, not customized to the tested network.
  Penetration Testing: Tests vulnerabilities on specific network resources, enabling prioritization of remediation efforts.
Usefulness of Test Results
  Vulnerability Assessment: Produces false positives, identifying vulnerabilities that cannot be exploited.
  Penetration Testing: Exploits vulnerabilities, identifying only those that pose actual threats to network resources.
Network Connection Testing
  Vulnerability Assessment: Does not address connections between network components.
  Penetration Testing: Exploits trust relationships between network components to demonstrate actual attack paths.
Remediation Assistance
  Vulnerability Assessment: Delivers long lists of vulnerabilities, limiting remediation options to widespread patching.
  Penetration Testing: Assesses the potential risks of specific vulnerabilities, allowing users to patch only what is necessary and to test the effectiveness of patches and other mitigation strategies, such as intrusion prevention.
Testing of Other Security Investments
  Vulnerability Assessment: Does not simulate attacks to test IDS, IPS or other security technologies.
  Penetration Testing: Launches real-world attacks to determine if other security investments are functioning properly.
Security Risk Assessment
  Vulnerability Assessment: Only identifies missing patches, making it impossible to truly assess security risks.
  Penetration Testing: Safely mimics the actions of hackers and worms, providing risk evaluations based on tangible network threats.
Web Application Testing

Test category, test types and the depth of web application testing coverage:
Authentication: Brute Force (Yes); Insufficient Authentication (Yes); Weak Password Recovery Validation (Yes)
Authorization: Credential/Session Prediction (Yes); Insufficient Authorization (Yes); Insufficient Session Expiration (Yes); Session Fixation (In-depth)
Logical Attacks: Abuse of Functionality (In-depth); Denial of Service (Yes); Insufficient Anti-Automation (Yes); Insufficient Process Validation (Yes)
Client-Side Attacks: Content Spoofing (Yes); Cross Site Scripting (In-depth); CGI Scripting (Extensive, including application specific)
Command Execution: Buffer Overflow (Yes); Format String (In-depth); LDAP Injection (Yes); OS Commanding (Yes); SQL Injection (In-depth); SSI Injection (Yes)
Information Disclosure: Directory Indexing (Yes); Path Traversal (Yes); Predictable Resource Location (Yes); Information Leakage (In-depth)
System Vulnerability Check
- ICMP checks
- Windows NT checks
- TCP & UDP port tests
- Stealth testing
- DNS spoofing
- RPC testing
- Initial Sequence Number prediction
- FTP abuse checks
- SMTP relay checks (spam)
- LDAP checks
- SNMP checks
- DNS and BIND checks
- SMB / NetBIOS checks
- NFS checks
- NIS checks
- WHOIS checks
- Domain checks
- Spoofing checks
About Locuz
Locuz is an IT Infrastructure Solutions and Services company focused on helping enterprises transform their businesses through innovative and optimal use of technology. Our strong team of specialists helps address the challenge of deploying and managing complex IT infrastructure in the face of rapid technological change.
Apart from providing a wide range of advisory, implementation and managed IT services, Locuz has built innovative platforms in the areas of Hybrid Cloud Orchestration, High Performance Computing and Software Asset Analytics. These products have been successfully deployed in leading enterprises, and we are helping customers extract greater RoI from their IT infrastructure assets and investments.