AKS IT Corporate Presentation
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
317
On Slideshare
317
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
5
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Established in 2006Providing services in the domain of Information Security, comprising of• Consultancy,• Compliance,• Network Security,• Application Security,• Cyber Forensics and• IT Security Training.Qualified, Certified ConsultantsSix years, more than 1250 Web Application Security AuditsAKS IT Services
  • 2. Our Services
  • 3. • Consulting and Compliance– Security Consulting & Implementation– Information Risk Management– ISO 27001 :2005 Implementation– ISO-22301 Implementation– Incident Handling– Compliance With Various Guidelines• Security Auditing– Network Security Audit– Vulnerability Assessment & Penetration Testing and– Web Application Audit– Mobile Application AuditHow We Help Our Clients
  • 4. • Cyber Forensics– Media Forensics– Network Forensics– Machine / Mobile Forensics– Cyber Crime Investigation– Fraud Investigation• Corporate Training– Security Awareness Training– Cyber Forensics Training– BCP/DR Workshop– Preparatory courses for CISSP & CISA CertificationHow We Help Our Clients
  • 5. Indian ComputerEmergencyResponse Team(CERT-In)Controller ofCertifyingAuthorities(CCA)Indian Air ForceNationalTechnicalResearchOrganizationNationalInformaticsCentreIndian ArmyA few of the organizations we are empanelled with:
  • 6. Vulnerability Assessment & Penetrationtesting Vulnerability Assessment Identify and understand the existing vulnerabilities Scan the targeted network(s) and host(s), based on the defined scanpolicy Collect the scan results and analyze for security loopholes,configuration errors, default installation settings, overlooked setups,password quality, firmware/software revisions, patch fixes, securitypolicy violations etc. Penetration TestingTesting and validation of detected vulnerabilitiesProvides independent analysis of your network to locate all exploitablevulnerabilitiesAdvise on the most effective solutions to secure network
  • 7.  Configuration Audit Study and analyze the Servers, Network Devices and SecurityDevice’s roles and configuration through configuration audit. Understand and evaluate the loopholes in the configuration, ifany. Facilitate in hardening of information systems. Network Performance Testing Evaluate the Bottlenecks, Protocol Utilisation, Broadcastingand Network Error in the network, identify their remedialsolutions and recommend implementation of the same tomitigate identified errors. Recommendations for Error free Network design. Top Ten Interfaces showing more bandwidth and protocolutilisation.
  • 8.  GAP AnalysisOur processes and methodology are benchmarked against industrybest practices and established standards. In this phase, a thoroughsecurity assessment will be carried out with two goals in mind:Identifying the present “As – Is” status vis –a – vis the desiredbenchmark, and their impact on Information Security.The ambit of this includes:- Administrative Security Physical Security Logical Security Processing Security Business Continuity Management (BCM) Identify gaps in the existing controls
  • 9. Web Application Security TestingThe Standard used for Web Application Security Testing isOWASP (Open Web Application Security Project). The OWASP2010 represents a broad consensus about what are the mostcritical application security flaws.OWASP 20101. Injection Flaws2. Cross Site Scripting (XSS)3. Broken Authentication and SessionManagement4. Insecure Direct Object Reference5. Cross Site Request Forgery6. Security Misconfiguration7. Insecure Cryptographic Storage8. Failure to Restrict URL Access9. Insufficient Transport layerprotection10. Invalidate Redirect and Forwards
  • 10. Methodology Understand the scope and purpose of the Website. Review the WebApplication structure and specifications so as to understand the basicdesign of the Website. For the Web Application under review, identify, document andunderstand the "high value objects" that a malicious attacker wouldseek to steal or exploit (e.g., user IDs, customer data, passwords). Devise attacks or methods using proprietary AKS IT© techniques toobtain the desired data objects. Once Web Application security is handled, check if a valid/invalid usercan use the Web Application in a manner so as to subvert theunderlying security model of the system. Various attacks are devised on each component and then relevantvulnerabilities are demonstrated.
  • 11.  Core Impact – The most comprehensive penetration testing solutionfor assessing and testing critical security vulnerabilities throughout theorganization. Immunity Canvas – Canvas is a trusted security assessment tool thatallows penetration testing and hostile attack simulations to beconducted by security professionals. Canvas offers a level of exploitquality, availability, and real-world use unparalleled by anycompetitors. Metasploit – It is a solution for security professionals inenterprise, government & consulting firms who need to reduce costs bymaking network security testing more effective & efficient. MetasploitPro improves the efficiency of the penetration testers by providingunrestricted remote network access and enabling teams to efficientlycollaborateOur Range of Products
  • 12.  Nexpose - It is a vulnerability assessment, policy compliance andremediation management solution designed for organizations withlarge networks which require the highest levels of scalability,performance, customizability and deployment flexibility. Nessus - It is the industry’s most widely-deployed vulnerability andconfiguration assessment product. Nessus features are high-speeddiscovery, configuration auditing, asset profiling, sensitive datadiscovery, patch management integration, and vulnerability analysis ofyour security posture. Acunetix - Acunetix web vulnerability scanner is a tool designed todiscover security holes in your web applications that an attackerwould likely abuse to gain illicit access to your systems and data. Theapplication can be used to perform scanning for web and applicationvulnerabilities and to perform penetration testing against theidentified issues.
  • 13. Mobile Forensics Oxygen Forensic Suite – It is mobile forensic software that goes beyondstandard logical analysis of cell phones, smartphones and tablets. Use ofadvanced proprietary protocols and phone APIs makes it possible to pullmuch more data than can be extracted by forensic tools utilizing standardlogical protocols, especially for smartphones. Susteen Secure View 3 - It provides affluent data to the mobile phoneforensic investigator or instructor with the foundation for lawenforcement, military/civil, consultant, corporate, and educationinstitutions to perform advanced, proficient mobile device investigations incorporate IT, security, or criminal situations. Paraben’s Device Seizure - Device Seizure is designed to allowinvestigators to acquire the data contained on cell/mobile phones,smartphones, tablets, GPS, iPhones/iPads/iPod Touch/iPods, and PDAdevices without affecting data integrity. With mobile phones, it is designedto retrieve data such as phone numbers, sms, pictures, call history, and fulldata dumps.Forensic Products
  • 14. Computer Forensic TD2 - This second-generation product was engineered for standaloneforensic acquisitions in both field and lab settings, natively imagingboth SATA and IDE/PATA hard drives at drive limited speeds up to9GB/min, in a 1:1 or a 1:2 (aka, “twinning”) configuration. One canimage SAS, and USB storage devices with TD2 by using the TableauProtocol Modules. Encase - It is a investigation solution, is for forensic practitioners whoneed to conduct efficient, forensically sound data collection andinvestigations using a repeatable and defensible process P2 Commander - It is a computer forensic solution for examiners whoneed affordable, reliable digital analysis for computer investigations.Built to process large volumes of data in a fast and efficient manner, P2Commander is known for its advanced email and chat log analysis.Continue…
  • 15.  Network E-mail Examiner – Paraben’s Network E-mail Examiner is anadvanced network email archive analysis and conversion tool. ExamineMicrosoft Exchange (EDB), Lotus Notes (NSF), and GroupWise e-mailstores without the need for a long and painstaking restore process.Analyze, search, and report on pertinent data within the emaildatabase and export to many mail formats including PST. Chat & Email Examiner – Paraben’s Chat Examiner is anotherspecialized component of Parabens P2 Forensic Collection that addsone more powerful program to your toolkit. Whether your case hasICQ, Yahoo, MSN, Trillian, Skype, Hello, or Miranda youll be able tohandle whatever comes Passware Kit Forensic - This advanced password recovery suiteallows you to recover more passwords, from more programs, in ashorter amount of time using many different methods including theadvanced XieveTM attack method, distributed computing, and livememory acquisition.
  • 16.  AKS IT provides the customized forensic workstation as per therequirements of our customer. It can be of 2 types - One can set up forensic workstation in their lab itself . Another one is a forensic laptop which we can carry to the crime spotfor acquisition and analysis of data. It comes in a rugged carrying case.Forensic Workstation
  • 17.  ALSTOM, Andhra Pradesh Technology Services Ltd (APTS), Bharti Airtel, Central Board of Secondary Education (CBSE), Ericsson, General Insurance Corporation, HCL, Indian Railways, National Informatics Centre (NIC), NTPC, Ranbaxy, TCS, WIPRO.. and many moreSome of our Clients
  • 18. ThankYouAKS IT SERVICES (P) Ltd.E-52, Sector-3, Noida, 201301