Information Security Services
- Penetration Testing
- Vulnerability Assessment
- ISMS Policy Templates
- ISO 27001 Consultancy
- BCP & DR Consultancy
- IT Audit consultancy
- SIEM Solutions
- Virtual Private Network
- Email Security
- Data Protection
- Network Security
- System Security
Do you want to protect your systems and network?
Ways to Protect your data
- Assess the inventory and risk
- Update systems with the latest service patches and signatures
- Use firewalls and antivirus programs
- Implement ISMS policies
- Restrict downloading dubious software
- Access controls and authorization
- Block removable media
Password Attack Methods
- Dictionary Attack
- Hybrid Attack
- Brute Force
_________________________
iSquare Pentesting Process
iSquare Systems Penetration Testing - Pentest
What is a penetration test?
- A way to identify vulnerabilities that exist in a system or network
- A method of evaluating the security of a computer system or network by simulating an attack from a malicious source
Why conduct a penetration test?
- To identify vulnerabilities and quantify their impact
- To prevent financial loss
- To prove due diligence and compliance
- To protect the corporate brand
- Achieve customer confidence
- Maintain business reputation
- Avoid losing business
What can be tested using Penetration Testing?
- Application Testing
- Portal Testing
- Network Testing
- Infrastructure testing
- Wireless Networks
- Telephone, IP Phones & VoIP
- Application Code Reviews
Types of Penetration Testing
- Full knowledge test.
- Partial knowledge test.
- Zero knowledge test.
Methods of Gaining System Access
- Phishing
- Session hijacking
- Password cracking
- Sniffing
- Direct physical access to an uncontrolled machine
- Exploiting default accounts
- Social engineering
- Social Networking
Black box vs. White box
In black box testing, we use only the client's web address to identify vulnerabilities and subsequently quantify their impact.
In white box testing, we authenticate and authorize with a client-provided account or access to assess the flaws.
Pentesting tools
- Nmap
- Nessus
- Wireshark
- Snort
- Kismet
______________________________________________________
iSquare ISO 27001 ISMS Consultancy
ISO 27001 (ISO/IEC 27001:2005)
ISO 27001 is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO 27001 Stages
ISO 27001 is usually conducted in at least two stages, both to identify compliance with ISO 27001:2005:
- Stage 1 – Documentation Review
- Stage 2 – Implementation Audit