The necessity for security on the wire has been growing exponentially over the past several years. Threats are increasing because of the following factors:
- Proliferation of viruses and trojans
- Wireless LANs
- Complexity of today's networks
- Frequency of software updates
- Ease of hacking tools
- The nature of open source
- Reliance on the Internet
- Unmonitored mobile users and telecommuters
- Marketing demands
- Industry regulations
- Administrator trust
- Business partnerships
- Cyber warfare
We are trained Cisco certified experts, with many years of experience configuring Cisco networks in small- and medium-size businesses, as well as large enterprises. We will have a snabbr network technician evaluate your business needs, and configure the necessary routing/switching you need. We promise a fast, secure network architecture configuration, using smart routing technologies to keep your company up and running with minimal downtime. Our team has experience with cisco firewalls, Access List Control, policy-based routing, QoS, VPN, advanced routing protocols, redundancy (HSRP, VRRP), and more. Contact us for more information.
The Internet is forever changing, as described in the Overview. With these changes come the risks of malicious intrusions. An intrusion can be a deliberate unauthorized attempt to access sensitive information, manipulate said information, or render a system unreliable/unusable. Intrusion detection provides a way for you to quickly be alerted to any unauthorized access to your servers, for whatever reason.
A well-configured intrusion detection tool can log all malicious attempts to gain unauthorized access and exploit any known vulnerabilities on your network. We can set up simple logging (to file or database) of any malicious attempts, configure email/SMS alerts for system/service failures, and auto-block the IP addresses of any remote malicious user.
Logging can provide you with detailed information on who is connecting to you, what they're attempting to do, and alert you to any vulnerabilites that may need patching. Other types of monitoring we can deploy include bandwidth usage on your network, and real-time alerts of down hosts and services.
In today's world, the protection of clients' confidential information while maintaining a public Internet presence can be difficult. The professionals at snabbr can mitigate such risks with penetration testing for vulnerability assessment. There are a few things to keep in mind when taking this approach. First of all, there are three types of tests we can perform:
- Black-Box Test
We would have no prior knowledge of your company's network. We would, for example, be provided a with a website address or public IP address and told to attempt to crack the website as if we were a malicious hacker from the outside.
- White-Box Test
We would be given a detailed schematic of the internal company's network infrastructure and told to break in. Although this approach isn't most like a real world situation, it does provide your company with a worst-case scenario.
- Gray-Box Test
This type of test is used to simulate the possibility of a rogue employee within the company. We would be given an account on the internal network, and assess any internal threats from within the company.
Tests will require several hours to complete, and will result in a full detailed report of what was found. A penetration test will go through the following stages:
In the event of a black-box test, we would determine what kind of information about your network can be obtained from the outside. This will mostly include social engineering tactics, and determining the IP range of the network through DNS zone transfers.
In this stage of the process, we will perform scans on your network to determine what services your company is running, and on what operating system(s). This will also include a scan for vulnerabilities. It is vital to know if you allow DoS attacks during this process. Various scanning techniques can lead to a denial of service, in which the system will likely crash, the administrator be notified, and tactical strategy gone. More on DoS
- Obtaining Access
Exploitation of the weaknesses discovered in the scanning stage.
- Maintaining Access
An important decision required of you, is whether or not Trojans/back doors be allowed during our testing process.
- Erasing Evidence
Most [thought-out] attacks go unnoticed because the attacker knows how to cover his/her tracks. There are ways to secure your logs so that they are tamper-proof.
Upon completion of our testing, it is up to you wether you want any vulnerabilities patched. The types of results and benefits to expect as a result of such a test include, but are not limited to the following:
- System anonymity
- SQL injection attacks
- TCP session hijacking
- Database security
- Intrusion detection
- Alerting system
The Ten Commandments of Computer Ethics
Here at snabbr, we stand true to the following commandments as proposed by the Computer Ethics Institute:
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with other people's computer work.
- Thou shalt not snoop around in other people's computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness.
- Thou shalt not copy or use proprietary software for which you have not paid.
- Thou shalt not use other people's computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people's intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.