Security Elements

Firewall

A firewall is a basic part of any firm’s security that protects systems within internal networks and separates infrastructure into security segments, or zones.


The times when using simple packet filters sufficed are long gone. Today, firewalls need to include a series of other active elements, such as IPS, HTTP/HTTPS Proxy, and a VPN concentrator to offer employees secure remote access to the internal network.

How can we help install your firewall?
  • We propose separating the system into individual security zones.
  • We select, install, and configure the appropriate hardware.
  • We train personnel to fully administer the new equipment.
Firewall

EWA Application Firewall

EWA WAF (Web Application Firewall) is a combined solution for protecting websites from attack.


Most application firewalls come in the form of an appliance, which is a piece of hardware installed in the customer’s network. This shifts the responsibility for its operation and dealing with incidents to the client, which brings significant costs, especially in terms of personnel.

EWA WAF is a simple solution to this problem: Let our specialists take care of your security.

This solution meets a multitude of strict standards, including PCI DSS.

The application firewall provides protection from common types of website attacks such as:
  • SQL injection
  • Cross-site scripting (XSS)
  • (D)DoS attacks
  • Slowloris
  • Slow headers
  • RUDY, etc.

EWA WAF is built on Open Source technologies with ModSecurity detection tools using OWASP CRS v3 rules that are supplemented by protection from threats we have encountered.

EWA Application Firewall

Network security monitoring

Network Security Monitoring – NSM – is indispensable for maintaining control over your network.


NSM helps:
  • Monitor security incidents within your infrastructure
  • Detect details of configuration anomalies and strange behavior by components
We use technologies that support integration with many commercial solutions:
  • ET Pro ruleset or Snort ruleset for the Intrusion Detection System (IDS).
  • Scanning files within the network using VirusTotal Private API.
  • Automatic filing of tickets in Atlassian Jira.
Our NSM solution is made up of two main components:

1) A Sensor

  • Ensures detection of network anomalies by collecting data from sessions and recording all network operation for set periods of time.

2) Security Information and Event Management (SIEM)

  • Bundles detected events
  • Describes events according to client demands
  • Automatically escalates events as incidents
  • Notifies responsible individuals or aggregates information into reports

The flexible API allows various logs to be integrated into the SIEM from various network elements (system logs, application logs, firewall logs, and Honeypot or individual IDS/IPS solution logs).

But we know that security infrastructure cannot be completely covered by a simple appliance! That’s why we provide the element as part of a complex solution that includes:
  • Proposal of network monitoring points
  • Selection of appropriate hardware for a given architecture and helping determine client demands for the Sensor and SIEM
  • Installation of all components
  • Setting detection rules and notifications according to client specifications
  • Training personnel
Network security monitoring

Interested in our security elements?

Contact us

Security Services

Vulnerability assessment

A vulnerability assessment identifies, classifies, and evaluates potential security weaknesses in systems and applications.


The test is performed using special tools called vulnerability scanners that detect weaknesses within a tested infrastructure. Reports from automated tests can include a relatively large number of false-positives. That’s why automatic scans also require an analysis of all results and manual validation.

OUR ADVICE:

We recommend using vulnerability assessments when acquiring a company as it simplifies orientation in the new infrastructure.

However, a vulnerability assessment isn’t a substitute for a penetration test!

Vulnerability assessment

Penetration testing

Penetration testing probes how to acquire access to key elements in your network.


The test is performed without knowledge of the infrastructure or assistance from people on the inside in order to simulate a real attack as realistically as possible. The tests can be limited in scope, which is something we don’t recommend because hackers won’t set limits either! :-)

Penetration tests usually cover the following areas:
  • Social engineering – an attack using human behavior and corporate processes
  • Web application tests
  • External network infrastructure and service operation tests
  • Wireless network penetration tests

We can also add a mobile application test, as well as checking resilience to (D)DoS attacks and web application stress tests. We recommend (D)DoS resilience tests in cases where a firm has some form of (D)DoS defense that needs to be probed.

Methodologies used in the tests:
The test produces executive reports that include:
  • A summary ordered by risk level, which helps sets priorities
  • A detailed technical analysis of problems to help implement effective countermeasures
Penetration testing

Incident response and foresic analysis

If you suspect that your security has been breached, a forensic analysis should be undertaken.

 
How to proceed?
  • We analyze artefacts from the system.
  • We retrieve erased files.
  • We remove malicious software from memory, foiling sophisticated attempts at disguising it from run-of-the-mill forensic tools.

The result of the analysis is a detailed report summarizing the attackers’ activity within applications or systems compiled from the evidence collected. This information helps to implement the proper corrective measures.

Incident response and foresic analysis

Interested in our security services?

Contact us

Consulting and Training

Security Awareness Training

Security begins and ends with the user! Our Security Awareness Training introduces fundamental aspects of securing computer systems.


Most of today’s attacks take advantage of mistakes made by a user, either by opening a dangerous file in an email attachment or allowing an unauthorized individual into the building.

We use practical examples to teach users how to recognize and rebuff social engineering attacks.

The all-day training discusses:
  • Physical security
  • Basics of computer security
  • Backing up data
  • Phishing attacks
  • Social engineering
  • Passwords and their administration
  • Protection of personal data
  • Malware
  • Reporting security incidents
Security Awareness Training

Web application security training using OWASP

How can you secure your website?


This two-hour training session points out the most common weak points in web applications and describes our recommendations for avoiding them. The session goes through all the main points of OWASP methodology.

The training is designed for:
  • Developers
  • Coders
  • Analysts
  • QA testers
  • Project managers.
  • UX specialists.
Web application security training using OWASP

Introduction to the personal data protection law

This one-hour session clearly outlines the main points of the law on personal data protection.


The regulations affect the operation of various types of web applications, such as:

  • Eshops
  • Betting sites
  • Banking applications
  • Client portals and many others…

​The training includes a simple overview of the rules and best practices associated with the planned implementation of GDPR norms.

Introduction to the personal data protection law

Interested in training or would you like us to consult on one of your projects?

Contact us