Information Security

Home/Information Security
Information Security 2017-06-09T15:35:22+00:00
audit

Security Audit

Assessment results will identify the most important and critical IT threats and risks for business processes for their further elimination. The main purpose of a security evaluation is to discover weak points in the architecture of IT infrastructure. Such weaknesses quite often remain undiscovered after a penetration test, as the main purpose of penetration test is to bypass existing security mechanisms, but not to check the entire architecture.
  • Network Architecture and Configuration

  • Hardware Firewalls and Routers Configuration

  • User Authentication and Access Management

  • Updates and PatchesManagement

  • System Configuration

  • System Services and Applications Configuration

  • Antivirus Software Management

  • Confidential Data Handling and Encryption

  • Backup System Management

  • Local Security Policy Review

  • Presence and Qualification of
    Internal Incident Response Team

audit

Ethical Hacking

Ethical Hacking is a preventive approach to Information Security. Totally vendor and product independent, we are committed to bring the highest quality of service to our clients. Our Ethical Hacking services are represented by various types of manual Penetration Tests
  • Internal: Client-Side Applications Attack,
    Trojan Horse Attack, Malicious Employee
    Attack

  • Social Engineering and Phishing, Malicious
    or Unauthorized Content

  • War Dialing / PABX Attacks, Physical
    Security

  • Enhanced: Lost or Stolen Portable Devices,
    Attacks from Trusted Networks

  • Attacks on Wireless Networks, Smart
    phones Attacks

  • External: DMZ / Front-Side Attacks, Web
    Application Attacks

Penetration Tests

A penetration test, also known as pentest, is a simulation of a hacker attack on a network, system, application or website, used to discover existing vulnerabilities and weaknesses before hackers find and exploit them. In other words a penetration test is an independent security evaluation of your IT infrastructure. Despite some popular belief, penetration testing is very different from vulnerability scanning. Instead of simply trying to identify vulnerabilities through fast and automated manners, a pentest is far more realistic and deeply relies on manual Ethical Hacking concept. It is also more comprehensive than cheap vulnerability scanning as it addresses several important security aspects, such as the exploitation process and privilege escalation phases, as well as the steps involved into maintaining access to the targeted infrastructure. At BQS, we really think that nowadays only an offensive security approach can bring you the certainty to be well protected against hackers.
audit

Penetration Testing Methodologies

  • Black Box Penetration Test
  • White Box Penetration Test
  • Gray Box Penetration Test
  • Penetration Testing Standards
    LPT (Licensed Penetration Tester
  • methodology from EC-CounciOSTTMM
  • (Open Source Security Testing
    Methodology Manual)
  • OWASP (Open Web Application
    Security Project)
  • ISSAF (Information Systems Security
    Assessment Framework)
  • etc..

Look for some news…

  • ransomware

Ransomware

October 18th, 2016|0 Comments

New infection - is a new ransomware released by a malware developer. It is going by the alias of EvilTwin or Exotic Squad. It was discovered by MalwareHunterTeam team recently on October 14th. Basically this [...]

  • phishing tactis

Phishing – New Tactics

October 4th, 2013|0 Comments

Introduction Phishing remains a major security threat to businesses and their customers around the world—and the threat keeps ris-of 2012 saw a 19 percent increase in global phishing attacks, with businesses suffering an estimated $2.1 [...]

Malware Analysis

Quite often during an incident forensics process Trojan horses, viruses, worms, rootkits and other malware are detected. It is very important to understand the behavior of a malware in order to trace the attackers, understand how the system was compromised, and find out which information was copied, deleted or modified.
During reverse engineering of a malware, certified experts of BQS will analyze malicious binary’s behavior and activities. Malware can be an executable file, system library, LKM (Loadable Kernel Module) or binary patch for system kernel. In some cases malware binary can be protected by hackers from reverse engineering and encrypted – in this case first step of investigation process is to bypass this protection.
audit

M.A. Methodologies

  • Creation of a secure sandbox (absolutely isolated and controlled environment)
  • Implementation of network and local monitoring of the created sandbox
  • Preparation of conclusion and detailed report with results
  • Execution of malware on the sandbox
  • Modulation of all possible conditions on the sandbox to activate hidden functions of malware
  • rofound analysis of all malware’s activities and behavior
  • etc..

Name *

Email *

Join to us

Contact us