Establishing an effective network auditing process is an essential step towards having a secure business
Information Security Services
Computer Network Security Audit
Today’s statistics and studies reveal that about 75% of cyber-attacks are done at the web application level. Latest studies by Gartner Group have revealed that: Web application security has become a priority in any organization. Therefore, Web applications, has turned to be a valuable source of data and a vivid market of transactions. Web applications are posted on the Internet, and often have direct access to backend data such as customer databases, clients’ transactions, etc. consequently, can be attacked 24/7 & are more susceptible to internet intimidations & attacks.
How to secure applications, what are the Network security auditing methods?
In the simplest way of definition; network security auditing is the best way to really know how secure or insecure your network is.
Establishing an effective network auditing process to find the network security vulnerabilities is an essential step towards having a secure business & secure web applications.
Security auditing process starts with a full knowledge about each organization, this amount of information and policies will enable the security auditor in the security auditing phase to perform essential security measurements and check the discrepancies between your companies system and the ideal situation. At the end of the security auditing process, the security auditor will then recommend the optimum solution to your company’s network and will define users’ security policies.
Our team will accurately discover the security holes in your network; they’ll perform personal interviews, vulnerabilities scans, etc. Then they’ll customize the security patch for these holes & set the security rules for each user in your network. Security auditing is an ongoing process that is essential in defining and maintaining effective security policies. We at offer comprehensive security auditing for your company or organization.
Online Reputation Management and Control
When doing business online, there is nothing more painful than to hear that a potential customer “Googled” your company or personal name and will not be doing business with you because of what they read online. Today, you are defined by what appears on Google, Yahoo and Bing. In fact, hundreds of thousands of dollars are lost each day because of false, erroneous or misleading search engine results. Whether the negative listings are from a competitor, a news site, or a message board, the impact can be financially challenging at best and devastating at worst. The good news is that – with very rare exception – We can resolve your issues with a speed that comes from knowledge and experience.
The engineering talent and experience that we maintain in-house is second to none in the areas of Reputation Repair and Reputation Management.
We know how important it is that you have a positive online reputation. Potential clients and business partners will want to learn as much as possible about you before sealing a deal and future employees will want to know they are in good hands with your organization. The first impression they receive of you and/or your company may be what they see in their Search Engine results. The question is: will they like what they see?
We understand the online reputation problems you may face and we offer cost-effective results that contain long-term solutions. Our unique, time-tested Online Reputation Repair service will help you get your name back under your ongoing control so that you can focus on running your online business.
Our skilled team of computer forensic examiners has a wealth of experience in the courtroom – and in the lab. We believe in giving back to the technology and legal community to help advance the industry.
If your case involves technical data, our forensic computer examiners can provide an unbiased, independent analysis of the data. These are just some of the areas in which we regularly work:
- Trade secrets misappropriation
- Copyright issues
- Trademark issues
- Document Authentication
- Email Authentication
- Email analysis
- Criminal cases
- Internet activity
- Cell phone forensics
Our clients include automobile manufacturers, aerospace, healthcare, software and high tech manufacturing. Our forensic computer examiners have expertise in IT systems and can rapidly get the heart of your issue. Our forensic analysts frequently work in these areas.
Why Hire Us?
Informus Group is an innovative, private sector initiative designed by a team of former military and intelligence operatives, chief executives and corporate strategists offering private intelligence services to CEOs and senior executives of multinational corporations. Offering internal and external information operations, due diligence services, competitive risk assessment, political intelligence analysis and other customized technical services. Informus Investigations is a unique team of specialist helping CEOs navigate a more complex world changing by the quarter.
The tools we use
Kali Linux 2.0
Kali Linux 2.0 is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. Kali Linux promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.
Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security. Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, Kali Linux is the one-stop-shop for all of your security needs. Kali Linux 2.0 includes many well-known security tools including:
- Metasploit integration (Non-Working  and Officially Unsupported )
- RFMON Injection capable wireless drivers
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- OWASP Mantra Security Framework collection of hacking tools, add-ons and scripts based on Firefox
- Cisco OCS Mass Scanner A very reliable and fast scanner for Cisco routers with telnet/enable default password.
- Quypt (Terminal Emulator)
- A large collection of exploits as well as more commonplace software such as browsers.
Typical Network Security Audit
The Scope of Work is usually setup in five (5) sections; which are:
- Section I: External Network Vulnerability Assessment and Penetration Testing;
- Section II: Internal Network Vulnerability Assessment and Penetration Testing;
- Section III: Web Application Penetration Testing;
- Section IV: Phishing; and
- Section V: Information Security Controls Assessment.
Section I, II, and III
The Internal and External penetration testing exercises will provide a practical approximation of the weak points in your network infrastructure and selected applications, describing the risks of such vulnerabilities, and facilitating the design of a plan for implementing remediation.
- Investigate whether or not an attacker could penetrate the system internally or externally, without you providing any more information than would naturally be available to an anonymous attacker;
- Provide evidence that verifies the exploitation of any critical and high vulnerabilities discovered, as well as the scope of these vulnerabilities, and their remediation; and
- Investigate whether or not there exist any known vulnerabilities on the network and applications that are to be evaluated, which an attacker could take advantage of, without the organization providing any more information than would naturally be available to legitimate users.
In addition, deliverables will include at a minimum:
- Executive summary report ‐ A summary report of all completed penetration test activities and their results. Reported data includes:
- Summary of exploited vulnerabilities;
- Summary of discovered hosts; and
- Most exploited vulnerabilities (overall and by operating system).
- Host report ‐ A detailed report about the hosts tested grouped by host IP address. Reported data will include:
- Number of compromised hosts;
- Services and applications found on each host;
- Average number of exploited vulnerabilities on those hosts;
- The names and details of the vulnerabilities found on each compromised host; and
- How to uninstall the agent from comprised systems.
- Vulnerability report‐ provides a detailed report about the vulnerabilities that were successfully exploited on each host (versus potential vulnerabilities). The report will provide details for each of the exploited vulnerabilities listed for the compromised hosts in the Host Report. We provide detailed screenshots and other evidence collected.
For each of the vulnerabilities found, a vulnerability record will be presented using the following format:
- Category of vulnerability;
- Vulnerable system identification IP address;
- Hostname (if available);
- Operating system; and
- General conclusions and recommendations ‐ Manual interpretation of the results and provide information as to what these results mean in an easy to understand format.
Recommendations will include remediation and configuration suggestions and will include:
a) Feasible security measures that will allow the organization to address policy issues, eliminate or mitigate harm resulting from each identified potential threat and vulnerability;
b) Develop a realistic action plan with IT leadership in the context of environment(s) and available resources. Action plans includes projected capital and operating expense required, as well as estimated level of effort by internal or external resource type and estimated duration of effort. The action plan will also include a recommended implementation plan which includes solutions based on practicality and fiscal responsibility. The recommendations will be based on technology and be vendor neutral; and
c) A presentation to senior leadership on the key findings and recommendations from the security assessment and penetration test engagement.
The phishing campaign will be limited to email in an attempt to acquire sensitive information such as usernames and passwords. The test will attempt to determine the overall security awareness of the user community.
- Conduct an email phishing campaign in an attempt to acquire sensitive information such as usernames, passwords, and credit card details. The test will determine the overall security posture of the corporate user base; and
- Provide a report that includes: email template(s) used, first and last name of employees to see if links in email was clicked and whether or not employee credentials were entered.
In addition, deliverables will include at a minimum:
- Executive summary report ‐ A summary report of all phishing activities and their results.
Reported data includes:
- Template: “bait” email template used;
- Names and number of people who opened the phishing email;
- Names and number of people who opened the phishing email and clicked the URL;
- Names and number of people who reported the phishing email;
- Number of people who clicked the URL and did not report the phishing email;
- Number of people who clicked the URL and did report the phishing email;
- Number of people who did not click the URL and did not report the phishing email; and
- Number of people who did not click the URL and did report the phishing email.
The level one phish is an easy email scam to spot. Similar to the 419 scam email. These emails will contain many indicators such as easy to spot grammatical and spelling errors. A shortened URL will be used in the email that redirects to an IP address.
The level two phish contains more complexity making it a moderately difficult email scam to spot. Emails will be similar in look and feel to organizations such as UPS/FedEx tracking emails containing indicators such as bad grammar. The URL in email will match the formatting used by the legitimate emails being spoofed and redirect to an IP address. Note: The URL can be redirected to a registered domain however this would be optional as hostname would need to be purchased.
The level three phish is a difficult email scam to spot and resembles a real-world targeted attack. The look and feel will match those of the organization being spoofed and contain branding similar to Apple ID password reset, Amazon order tracking, and Outlook Web Access form. This set of emails will contain a login form to capture users’ credentials.
The level four phish is the most difficult email scam to spot as emails will be catered to the Client. Emails will contain recent news about the Client or internal memos. These emails closely resemble spear phishing emails as they are customized to each Client and no templates will be used. Emails will contain a URL that redirects to webpage containing login form to capture users’ credentials. A hostname similar to the Client will be utilized with HTTPS enabled.
The Information Security Control Assessment will provide a logical approximation of the strength and maturity of your security safeguards currently in place. You will receive an analysis and prioritization of the threats and risks against the current safeguards and recommendations on how to strengthen them, if needed.
- Conduct a comprehensive threat risk assessment, and gap analysis on Your IT security safeguards currently in place; and
- Provide a report that measures threats and risks against current safeguards and a prioritized roadmap of recommendations on how to strengthen them.
In addition, deliverables will include at a minimum:
- Executive summary report ‐ A summary report of all assessment activities and their results. The report will include:
- Assets at risk;
- Threat agents against assets;
- Prioritized plan and roadmap; and
- Mitigation recommendations.
The physical will focus on measuring the proactive security and incident response capabilities of your security team. For physical testing, testing involves a wide spectrum of attacks ranging from physical, social, and electronic vectors. The testing team will visit you physical locations and try to gain access to the building by way of tailgating or compromising access control mechanisms.
At a minimum, physical testing will include:
- Sniffing and cloning of employee RFIOD access cards;
- Social engineering and pretexting individuals in order to gain access to the physical locations;
- USB dropping using customized USB tools to automatically execute backdoors on devices. In addition, deliverables should include at a minimum:
Executive summary report ‐ A summary report of all assessment activities and their results. The report should include:
- Vectors of attack;
- Vulnerabilities found;
- Vulnerabilities exploited; and
- Recommendations for mitigations and further security measures.