Technology Consulting

The threat environment is rapidly and inexorably worsening. Unless kept in sync with it, an organisation’s existing malicious code defence infrastructure will become obsolete, if it is not already. infySEC’s Malicious Code Management Service develops malicious code management strategies for protecting an organisation’s information systems, based on an assessment of risks and vulnerabilities and on the changing threat environment. The Service encompasses the following:

• Evaluation of the effectiveness of the existing management, operational and technical controls implemented to protect the organisation against viruses, worms and other malicious logic.
• Evaluation of the capability and scalability of the existing technology solutions in coping with evolving and future virus/worm threats.
• Evaluation of the malicious code defence architecture for protecting electronic communications and the vulnerabilities introduced by them.
• Determination of the gaps that exist between the desired level of risk mitigation and what the existing malicious code defence infrastructure can provide.
• Recommendation of remediation solutions that could be applied to plug the identified gaps.

    1. Firewall Auditing
    2. Web Portal Security
    3. Vulnerability Assessment
    4. Patch Assessment

      Firewall Auditing

      A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.

      Without proper configuration, a firewall can often become worthless. Standard security practices dictate a “default-deny” firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization’s day-to-day operation. Many businesses lack such understanding, and therefore implement a “default-allow” ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.
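An added example, not infySEC's tooling: a minimal check of the default-deny versus default-allow stance described above, run over a constructed ruleset in `iptables-save` format. The choice of format, the `audit` function and the sample rules are assumptions for illustration; only built-in chains and rules with no match options at all are considered.

```python
import shlex

# Constructed sample in iptables-save format (not taken from any real system).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -j ACCEPT
-A FORWARD -p tcp -d 192.0.2.10 --dport 443 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
"""

def audit(ruleset):
    """Return {chain: {"stance": str, "unrestricted_accepts": [rule lines]}}."""
    policies, rules = {}, {}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":"):              # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            if policy != "-":                 # "-" marks a user-defined chain; skipped
                policies[chain] = policy
        elif line.startswith("-A "):          # "-A CHAIN <matches> -j TARGET"
            tokens = shlex.split(line)
            rules.setdefault(tokens[1], []).append((line, tokens[2:]))
    report = {}
    for chain, policy in policies.items():
        # A rule whose first option is "-j" has no match criteria: it hits every packet.
        catch_all = [(text, opts[1]) for text, opts in rules.get(chain, [])
                     if len(opts) >= 2 and opts[0] == "-j"]
        first = catch_all[0][1] if catch_all else None
        if first in ("DROP", "REJECT"):
            stance = "default-deny"           # explicit catch-all deny wins over the policy
        elif first == "ACCEPT" or policy == "ACCEPT":
            stance = "default-allow"
        else:
            stance = "default-deny"
        report[chain] = {
            "stance": stance,
            "unrestricted_accepts": [text for text, tgt in catch_all if tgt == "ACCEPT"],
        }
    return report

if __name__ == "__main__":
    for chain, result in audit(SAMPLE).items():
        print(chain, result)
```

In the sample, OUTPUT has an ACCEPT policy but ends in a catch-all DROP, so it is effectively default-deny, while INPUT is default-allow because of its unrestricted ACCEPT rule.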

      Many organisations implement firewalls without understanding the underlying technology or realising the need for architecting a comprehensive policy for such firewalls. This leads to a false sense of complacency and security. Firewalls are used to prevent unauthorised persons from accessing private networks connected to the Internet. Data entering or leaving the Intranet passes through the firewall, which examines the data and blocks data that does not meet the specified security criteria.

      Through the Firewall Auditing Service, infySEC carries out a detailed review of the firewall configuration, either on-site or remotely, for secure practices, optimal organisation of rules, etc. Our consultants analyse and rectify configurations, simplify the organisation’s rule-sets and related objects, fine-tune the performance of the firewall and set appropriate operating system parameters. They also review random samples of log files for suspicious activity. As a result of a firewall audit, an organisation obtains a firewall that is optimised for security and performance. A summary of findings that includes remedial needs and suggestions for improvement of security and management is also provided.

      A detailed firewall audit provides a certain level of comfort that all possible security and continuity risks are being adequately addressed and also ensures that an adequate level of network integrity and security is achieved and maintained.

      Areas that are covered under a firewall audit are:

      • Firewall Management and Administration
      • Firewall Policies and Procedures
      • Firewall Configuration
      • Firewall Logical Access
      • Operating System Logs
      • Firewall Test
      • Physical Security
      • Continuity of Operations

      The firewall audit service can simplify management of your back-end Web applications. You can use it to virtualize the endpoint address, handle rate limit requests, and enforce access control. You can configure these items using the firewall audit service without writing any custom code.

      Web Portal Security

      An infySEC Web Portal presents information from diverse sources in a unified way. Apart from the standard search engine, web portals offer other services such as e-mail, news, stock prices, infotainment, and other features. Portals give enterprises a consistent look and feel, with access control and procedures, across multiple applications that would otherwise have been separate entities altogether.

      There is an increasing use of the internet by organisations to take advantage of its global reach. However, this introduces the requirement for pristine security controls related to processes and technologies that need to be deployed and securely managed. Our consultants conduct comprehensive security testing of the applications deployed for the Web Portal. All the server-side components of an application are examined. They include, but are not limited to, the following items that support the application:

      • Application code
      • Web servers and Database servers
      • Directory and authentication devices
      • Firewalls
      • Network and enclave configuration required to support the application
      • Operating system platforms for any of the above

      infySEC’s Web Portal Security Service provides a comprehensive framework for assessing the security of the application processes and for reviewing the controls to examine their consistency with the business objectives. To accommodate a wide variety of security requirements, infySEC Portal integrates with other security infrastructure components to provide authentication, authorization, and single sign-on (SSO) capabilities. infySEC provides resources for portlet developers, portal administrators, IT Security professionals, and portal developers who need to configure, administer, or use infySEC Portal security features.

      Vulnerability Assessment

      A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, nuclear power plants, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Vulnerability assessments can be conducted for anything from small businesses to large regional infrastructures.

      Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:

      1. Cataloging assets and capabilities (resources) in a system.
      2. Assigning quantifiable value (or at least rank order) and importance to those resources.
      3. Identifying the vulnerabilities or potential threats to each resource.
      4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

      Security measures should be properly targeted, and directly related to potential impacts, threats, and existing vulnerabilities. Failure to achieve this could result in inadequate security measures and excessive or unnecessary expenditure. An appropriate threat and risk assessment promotes better targeting of security measures and facilitates better decision-making.

      Through the Vulnerability Assessment and Penetration Testing Services, infySEC conducts a threat and vulnerability assessment of the network infrastructure devices. Our consultants review logs, services, application processes, trust relationships, access controls, and encryption. Our consultants also conduct an in-depth assessment of servers, routers, and security devices to determine the level of threat from external attackers using vulnerability assessment tools and manual exploration. Ethically and professionally conducted security and penetration tests help organisations to understand and assess the security vulnerabilities within their systems, as well as the associated threats and risks.

      Patch Assessment

      A patch is a fix to a program that eliminates a vulnerability exploited by malicious hackers. In computing, a patch is a small piece of software designed to update or fix problems with a computer program or its supporting data. This includes fixing bugs, replacing graphics and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems.

      Patch Assessment is the process of using a strategy and plan of what patches should be applied to which systems at a specified time. Through the Patch Assessment Service, infySEC conducts an in-depth analysis of an organisation’s existing patching practices. Our consultants review the patch management process followed. They consider aspects like documented procedures, the efficiency of the patch deployment methodology (i.e. automated or manual), patch testing and validation procedures, etc. Our consultants also review procedures for exceptional cases where patches are not deployable, and the workarounds that have been implemented for them.

      As a result of this service, the organisation obtains a comprehensive understanding of the efficiency of the current patching processes, the lacunae in the existing procedures and the risks involved, which could adversely affect the continuity of their business. Detailed recommendations are provided, which enable an organisation to bridge those gaps in their information security domain.