
Teknotrends Software provides consulting services in the area of enterprise
network security and storage.
Today, security of an enterprise network is a critical aspect of any business. There are several choices one has to make when implementing security --- the trade-offs are between giving employees enough freedom and ensuring that the desktops and the servers are secure. Too much freedom could mean that all kinds of rogue applications get installed on users’ machines, while too little freedom could curtail creativity and productivity. Besides, there are so many applications to be made secure nowadays --- from email systems to databases, instant messengers, browsers and VoIP applications --- that the whole security problem has become complex enough to need specialists in each of the areas. Further, security is not a one-time issue; it needs 24 * 7 surveillance. In addition, various compliance laws require an enterprise to be certified in various areas. Teknotrends' team has the relevant expertise to deal with the security of various applications and of the enterprise network as a whole, as well as with audit and compliance matters for certifications such as BS7799, BS15000, ITIL and COBIT.
Services Offered
Teknotrends offers two kinds of security services.
a) Certification and Audit Services
b) Technical Services
Certification and Audit Services
Teknotrends has consulta
Information Security, audit, risk assessment:
IS policy definition and Scope
IS policy Development and control design
Business Continuity & Disaster Recovery
Readiness Assessment
IS certification readiness assessment
Business Continuity Plans and Disaster Recovery Plans strategy
Frameworks and standards competency
Designing a security architecture
Enterprises have various requirements. They could need a web server that is
accessible to external users (the public in general) and a mail server. Both
of these would require DNS servers accessible from the outside world as well
as from the internal users.
Nowadays, an enterprise would need employees to have VPN access to the
enterprise network from their homes. In many cases, an enterprise could be
split across more than one geographical location, with the various locations
connected via VPNs. A perimeter firewall and a perimeter NIDS (network
intrusion detection system) are musts nowadays. Separating the part of the
network available from outside and setting up a DMZ are parts of designing
the security network. Besides, enterprise networks are wireless nowadays, with
all kinds of devices (such as laptops and Bluetooth-enabled devices) coming
into the network and going out. The network as a whole is thus not static, but
dynamic. Teknotrends can help you design a secure network; if you already have
a network designed, Teknotrends would analyse your current network from a
security point of view.
Choice of products: commercial v/s open source
Further, there are choices to be made in choosing various products. Pricing of
commercial products varies widely, and there are cheap open source
alternatives nowadays. Commercial tools cost much more, while open source
tools, though cheap, could involve significant amounts of work in deploying
and configuring. Support and maintenance costs are also considerations
when choosing products. Teknotrends' team would give a detailed report on
the various aspects so that such choices are easy for the company management.
Deploying firewall/NIDS (end point security):
The choice of the firewall and the network intrusion detection system is crucial.
Teknotrends can give pointers on the choice as well as deploy the devices. Further,
Teknotrends can handle constant update of signatures as well as analysis of
firewall logs.
Doing constant updates/patch management:
Products such as NIDS (network intrusion detection systems), anti-viruses, VA tools need constant input of new signatures. Such signatures are provided by vendors from time to time. Firewall logs need analysis as well as correlation of other logs to find out if there have been any breaches in the network. A systematic log archival and correlation strategy is needed. Issues such as SoX compliance also mean that all important data need to be archived for a particular amount of time. Also, vendors keep distributing patches and these patches need to be deployed regularly. Choice of whether to go for a patch management product or do the deployment manually is an important one. Teknotrends can solve this problem for you.
Securing the Servers: Hardening the system
Hardening a system is an important part of keeping the system
secure. Briefly, hardening involves many things --- ensuring that only the
required services run on the system, ensuring that file accesses and various
other events are monitored, ensuring that unnecessary ports are not open on
firewalls, keeping the system updated with the latest patches, ensuring that
file permissions on all executables are appropriate, and so on. CIS
(Center for Internet Security --- http://www.cisecurity.org) has a
comprehensive checklist for hardening a Unix server or a Windows server.
The benchmark is well-accepted in the security community.
Teknotrends would do all that is necessary to harden a system as per CIS
norms.
Desktops/laptops are used by employees. They may not be
high-end machines running all different services. However, an appropriate
policy is needed here so that employees do not misuse the systems. These
policies pertain to issues such as whether administrative privileges should be
given to users, whether users can attach USB or other drives to their systems,
whether they can download applications from the internet, and so on. Even
though a desktop system need not be hardened to the extent a mission-critical
server needs to be, it still needs enough protection. Anti-virus and
anti-spyware solutions may be required. (Alternatively, one could have network
based anti-virus solutions). Teknotrends will work with you to carry out
appropriate policies and then employ technical as well as other solutions to
ensure that the desktops and laptops are secured.
Email servers as well as clients have to be configured properly and need to be secured. Anti-spam has to be installed, and vulnerabilities need to be patched. Microsoft Exchange as well as Unix SMTP servers such as sendmail have a number of common vulnerabilities in them. Besides, analysing the source of an email, especially when the mail contains a virus, is an important task. Anti-viruses need to be updated.
Instant messaging is another security risk. Sending and receiving files poses
risks in various forms: employees can send valuable data outside, and
viruses and trojans can come in through files. Having a technical solution to
IM security as well as proper policies in place is critical.
P2P is a mixed bag. File transfer software such as Kazaa and Skype allows files to be transferred out of the enterprise easily. P2P is also a bandwidth hog. Such software needs to be either blocked or monitored.
Access control, user management, identity management:
Identity theft is one of the major issues on the internet today. Authenticating one’s
identity is extremely crucial. Teknotrends can present solutions based on
encryption, and other tools for identity management.
Spyware is the latest scourge on systems. A number of anti-spyware products
are available. Teknotrends will help you make the right choices and will
deploy/maintain the anti-spyware software.
Every security device has logging facilities. These logs need to be archived
on a different system; further, log inspection and correlation of various
events can give valuable insight into security breaches. Teknotrends can help
plan and deploy an effective logging strategy for your organization.
VA for desktops, web servers, databases
Vulnerability assessment tools help one find vulnerabilities in various services. The field has grown to the extent that there are specific VA tools now available for testing vulnerabilities in web services and in databases. Further, there are two kinds of VA tools --- network based and host based. Also, these tools have to be run periodically so that newly found vulnerabilities are detected. Once vulnerabilities are detected, they need to be patched. This could involve deploying vendor patches or reconfiguring systems or both; sometimes a service may need to be stopped. Teknotrends can do VA testing and patch management for various kinds of services.
Penetration testing is the art of breaking into a system from outside.
Penetration testing helps one find out if one’s system is breachable. Using
open-source tools such as the Metasploit framework, as well as port scanners
and VA tools, Teknotrends' team can do penetration testing of systems to find
out how secure your system is.
File systems integrity checks:
When hackers break into systems, they tend to replace executables. File system
integrity checks --- by computing MD5 hashes of files --- tell you if the
executables have been tampered with. Teknotrends’ team can deploy file
system integrity checking tools and ensure that you are alerted if any
important executable is tampered with.
Code walkthroughs as well as running tools can reveal vulnerabilities such as
buffer overflows found in the code. Teknotrends’ team can conduct such
audits to ensure that code written is secure.
Given that networks are turning wireless, security in wireless networks is
becoming an increasing concern. First of all, anyone can sniff what is going
on in the air; thus, effective encryption is a must. Also, good authentication
is necessary as anyone can try to break the authentication --- there being no
wired access, anyone can send packets to try to log into a network. Further,
denial of service attacks are also easily possible. Teknotrends can provide
effective wireless network security that involves encryption, authentication
as well as deployment of wireless intrusion prevention systems.
Content filtering tools such as Websense allow an organization to prevent
access to unwanted sites and IP addresses. Teknotrends can come up with an
appropriate strategy for content filtering and deploy appropriate tools.
Checking for and eliminating rootkits:
Hackers, once they breach a system, could install rootkits. Rootkits are
executables or DLLs which conceal themselves, and hence they are not visible
as processes. There are tools that specifically check for rootkits;
Teknotrends can check for and eliminate rootkits from your system.
Monitoring which processes are running on your system, and knowing them, is
one of the first basics of security. If one finds an unfamiliar process, it
could be a hacker running it. Teknotrends can monitor your processes
periodically to find any anomalies, and take preventive actions.
Working from home and remote locations has become
commonplace today. VPNs need to be deployed so that the network is secure; or
else Trojans and other malware can attack the machine which has a VPN client
and then enter the mainstream enterprise network. Teknotrends helps
you deploy effective remote VPNs.
Lots of software products change startup scripts so that they are launched at
startup. Teknotrends can analyse your startup scripts and clean them of
entries that launch unwanted software.
If there is a breach, forensics comes in useful. By analysing logs and other
tell-tale signs left by hackers, one can figure out who has hacked into the
system and possibly the potential damage. Teknotrends' team can do forensic
analysis to come to the root cause of the problem, and put together the
sequence of events that have happened.