March 29, 2017

Services

Network Penetration Testing

IT network VAPT, or penetration testing, is an important task to be carried out by IT administrators. This is because of the rise in hacking attempts irrespective of the industry type. Attacks can originate internally or externally, with little or no knowledge of the network.

Penetration testing in corporate networks is essential because internal corporate LAN/WAN environments are structured to allow users greater amounts of access with fewer security controls, and this is exactly where the situation becomes exploitable. Any network design flaw, or any network or server vulnerability, can result in an exploitable area that becomes a target for hackers. Multiple surveys indicate that most large-scale firms and almost all mid-scale firms lack corporate-level cyber security implementations to protect themselves. Even where such protection exists, it may not be enough as times change, and hence it needs to be periodically tested via a formal pen-test to ensure continued cyber security.

Website Penetration Testing

Exploitation of website vulnerabilities is the number one problem in the world. This is solely because websites are open to the internet and hence can potentially expose sensitive data that interests evil hackers.

Exploit Categories

  • Web server exploits
  • Web service exploits
  • Authentication problems
  • Configuration problems
  • Database related problems
  • Scripting related problems

Vulnerabilities Detected

  • SQL Injection
  • Cross Site Scripting (XSS)
  • Forms Input Forgery
  • Code Injection
  • Cookie Poisoning

Cyber Crime Investigation

Today, in the modern cyber era, where everything is becoming dependent on computers and the Internet, the rate of crime in which computers and other digital devices play a vital role is also increasing. If you read any newspaper or watch any news channel today, you will learn about different types of cyber crime.

Every day, thousands of victims face different types of cyber crime and suffer sleepless nights as a result. The question, however, is how many of them make a complaint to law enforcement and, of those, how many file a court case. In most complaints it has been found that the victim just wants information about exactly what has been done to them, or wants to know the culprit behind the cyber mischief that has caused them mental harassment. This is the major reason cyber criminals move freely in front of each one of us.

Digital Forensics

Digital forensics has existed for as long as computers have stored data that could be used as evidence. For many years, digital forensics was performed primarily by government agencies, but has become common in the commercial sector over the past several years.

Digital forensics has three major phases:

  • Electronic Acquisition
  • Data Analysis
  • Information Presentation

The Electronic Acquisition Phase saves the state of a digital system so that it can be later analyzed. This is analogous to taking photographs, fingerprints, blood samples, or tire patterns from a crime scene. As in the physical world, it is unknown which data will be used as digital evidence so the goal of this phase is to save all digital values. At a minimum, the allocated and unallocated areas of a hard disk are copied, which is commonly called an image.

The Data Analysis Phase uses the acquired data and examines it to identify pieces of evidence. There are three major categories of evidence we are looking for:

  • Inculpatory Evidence: That which supports a given theory
  • Exculpatory Evidence: That which contradicts a given theory
  • Evidence of tampering: That which cannot be associated with any theory, but shows that the system was tampered with to avoid identification.

This phase includes examining file and directory contents and recovering deleted content. Our patent pending data analysis technique enables us to search for relevant information, develop insights and analyze the results very quickly. Our technology can perform analysis on digital content from multiple sources in various formats, structured or unstructured. Our techniques allow legal experts to spend more time developing their case instead of searching for information.

The Information Presentation Phase, though, is based entirely on policy and law, which are different for each setting. In this phase we present the conclusions and corresponding evidence from the investigation in our patent-pending proprietary framework.

  • Electronic Acquisition
  • Data Analysis and Recovery
  • Network Forensics
  • Forensic and incident analysis of compromised machines

Configuration Audit

S-link cyber solutions’ technical configuration audit process is highly customized to suit the organization’s network infrastructure.

The audit process broadly consists of auditing the perimeter devices; network devices such as firewalls, routers, switches, load balancers, IPS and IDS; and server systems such as Domain Controllers, File Servers, FTP Servers, Email Servers, Proxy Servers, Antivirus Servers and Databases that make up the network architecture.

For all In-scope Hosts, S-link cyber solutions will analyze various components of identified operating systems using automated tools and manual techniques to identify known vulnerabilities in categories such as:

  • Security Patch Levels
  • File Permissions / Registry Permissions (if applicable)
  • Mis-Configurations
  • File Systems
  • Users / groups present on the system
  • Services running
  • Network Configurations
  • Event Logging
  • Database Configurations
  • Version specific vulnerabilities

The technical audit checks will be selected specifically for the devices, server systems and databases in scope.