header

Software Development
Services

We offer offshore software development, e business consulting and web design services. We specialize in PHP/Perl Development as well as LAMP technologies...

Read More...
customisation

Creative Arts

Bring life to your imagination and dreams. Our innovative creative arts team transforms your ideas and visions to inspirational and unique Graphics design. We focus on HTML and full Flash/Flex based site design. We follow international standards in design and coding, to ensure multi browser compatibility.

Read More...

Moneyback Guarentee

Moneyback Guarantee on all support plans incase you're not satisfied with our service.

Read More...

Affiliate Programme

Start making money from advertising. Partner with us and earn upto 20% in every recurring payment made by your referral. Partner with us to make your every dream a reality...

Read More...

CYBER SECURITY AND NETWORK SECURITY POLICIES

The information technology is a double edge sword, which can be used for destructive as well as constructive work. It seems everything in our daily life relies on computers and the Internet now — communication (email, cell phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records) etc. Lot of our personal information is stored either on your own computer or on someone else's system.

There are many risks, some more serious than others. Among these dangers are viruses erasing your entire data, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

What is cyber security?

Cyber security involves protecting the cyber resources you have stored on your computer or some one else’s by detecting, preventing and responding to attacks.

Internet Crimes:

The main categories of internet crimes are Denial of Service attacks, Online gambling, Physically damaging a computer, Salami attack , Sale of illegal articles, Theft of computers, Data diddling, Cyber Pornography, Web Jacking, E-Mail Bombing , Financial Crimes , Internet time theft , Theft of info contained in electronic form , Threatening mails , Trojan Attacks , Unauthorized access to computer systems & Networks , E-mail spoofing , Logic bombs , Cyber stalking , Defamation & mischief , Virus/worm attacks , Intellectual property crimes ,Theft, fraud and forgery.

Protect yourself


• Understand the type of cyber crimes and security risks
• Safeguard computer and information
• Lock the computer when you are away from it.
• Disconnect from Internet when you aren’t using it.
• Recognize the risks and become familiar with some terminology like Hacker,    Attacker, Intruder, Malicious Code etc.
• Adopt Good Passwords policy.
• Develop safe browsing plans
• Select service providers appropriately
• Select software judiciously
• cautious on e-Mail and online trading
• Install Required Antivirus Software and keep it up to date.
• Set Firewall to restrict outside access. ( Hardware or External Firewall and Software    or Internal Firewall)
• Evaluate your security settings.
• Backup your data.
• Consider creating separate user accounts.
• Follow corporate policies for handling and storing work-related information.

Guidelines for Publishing Information on Internet

Expect that people you have never met will find your page even you set access restrictions to the information publishing online. Think twice before deciding how much information to reveal, realize that you are broadcasting it to the world. Supplying your email address may increase the amount of spam you receive. Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack

Once you publish something online, it is available to other people and to search engines. You can change or remove information after something has been published. Even if you try to remove the page(s) from the internet, someone may have saved a copy of the information and may use for some other purposes.

Let your common sense guide your decisions about what to post online, as a general practice. Before you publish something on the internet, identity theft is an increasing problem, and the more information an attacker can gather about you.

Email & Communications

• Choose an email client.
• Using caution with email attachments.
• Benefits & Risks in free email services.
• Reduce Spam.
• Benefits of BCC.
• Benefits of Digital Signatures

Instant Messaging & chatting

• Identities can be elusive or ambiguous.
• Users are especially susceptible to certain types of attack.
• We don’t know who else might seeing the conversation.
• The software may contain vulnerabilities.
• Default security settings may be inadequate.

Social Network Sites

• Use separate email id.
• Limit the amount of personal information you post.
• Be wary of strangers.
• Be skeptical.
• Check privacy policy.

Software and Applications

• Understand Patches
• Understand VoIP
• Risks of File-sharing Technology.
• Review End-User License Agreements

Mobile Devices

• Protect Portable Devices: Physical & Data Security.
• Defend Cell Phones and PDAs Against Attack.
• Bluetooth Technology - allow devices for wireless communication.
• Disable Bluetooth when not in use.
• Use Bluetooth in hidden mode.
• Be careful where you use Bluetooth.
• Evaluate the security settings.

NETWORK SECURITY POLICIES

Network security is critical concern for enterprises, government agencies, and organizations. Today’s advanced threats demands network security with a methodical approach.

Every department in an organization relies on the network for applications and for communications, not only e-mail and messaging, but soon telephony as well. The aim of network security is to ensure that applications can do their jobs without interrupt and that applications have the network bandwidth and the availability needed to support the operations of the company.

There is also a broader perspective on network requirements. It includes security as well as availability, bandwidth and control. We call it network integrity. This is the real goal behind securing a network. When the network is functioning properly, providing applications with the bandwidth and availability they need, then the network has integrity, and security is doing its job, even when the network is under attack.

Layered-security approach

The layered-security approach refers on maintaining appropriate security measures and procedures at five different levels within your IT environment:

1. Perimeter
2. Network
3. Host
4. Application
5. Data

I. Perimeter Differences

Keep your perimeter security, including firewalls, intrusion-detection systems and antivirus filters and use these defenses to keep bad traffic off the network. But don't fool yourself into thinking that a secure perimeter equals a secure network. Make sure you still have resources for the next three layers of security.

Applicable security measures are :

1. Firewall

A firewall is a barrier to keep destructive forces away from your property. It is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

A firewall performs 3 functions
• Traffic control
• Address Translation
• VPN Termination

1. Firewall

A firewall is a barrier to keep destructive forces away from your property. It is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

A firewall performs 3 functions
• Traffic control
• Address Translation
• VPN Termination

2. Network based Antivirus

Installed in the DMZ, network based antivirus software compares incoming and outgoing e-mail message content to a database of known virus profiles. It is a complement to anti-virus protection performed on the e-mail server and individual desktops. The database of known viruses must be kept up-to-dated.

3. VPN encryption

VPN uses high level encryption to create secure connection between remote devices and destination networks. It creates an encrypted tunnel across the internet approximating the security and confidentiality of the private network. VPN tunnel can terminate on a VPN enabled router, firewall or server within the DMZ. Enforcing VPN for all remote and wireless connections is important and best practice, which is relatively easy and inexpensive.

II. Network integrity systems layer.

This is a critical area between your perimeter and your application defense systems. By applying intelligent traffic management in this layer, companies can not only minimize the effects of attacks that get through the perimeter; they can also intelligently manage surges of legitimate traffic and surges from problematic applications such as instant messaging and peer-to-peer file-sharing.

Applicable security measures are :

1. Intrusion detection systems and intrusion prevention systems ((IDSs & IPSs)

IDS analyze traffic and compare each packet to a database of known attack profiles. It inspects the packets within network traffic where as Anti-virus inspects files; indicates better protection. IDS alerts the administrator about the attacks occurred. But IDS only detects malicious data/traffic.

IPS analyzes the packets for threat and prevents such items from entering into your network. It detects and prevents malicious data/traffic.

2. Vulnerability Management)

Vulnerability managers scan devices on the network for flaws and vulnerabilities that could be exploited by hackers or harmful traffic. They maintain a database of rules that identify known vulnerabilities for a range of network devices and applications.
During the scan the system tests each device/application by applying the appropriate rules.

3. Network Access Control

Network Access Control solutions protect the network by ensuring that end points meet defined security standards before they are allowed to access the network. This protects the network from being attacked “from the inside” via compromised employee desktops/laptop and VPN & RAS devices.
Endpoint security solutions allow or deny access based on tests run against a device when attempts to connect.
NAC normally test for,
(i) required software such as service packs, up-to-date anti-virus definitions etc. and
(ii) prohibited applications such as file sharing and spyware.

4. Access Control/User Authentication

Access Control authenticates the users who access network. Authentication is typically performed against the user information in a RADIUS / LDAP / Active Directory. Both, users as well as devices should be controlled by access control measures at the network level.

II. Network integrity systems layer.

These security systems in Host Integrity Layer, protect configurations on hosts and include host-based antivirus applications, intrusion-prevention software, spyware tools and personal firewalls. As the innermost layer of security, these products provide "last-resort" security for applications.

Applicable security measures are:

1. Host-based intrusion detection systems (HIDSs)

HIDSs perform similarly to network IDSs but the key difference being that they monitor traffic on a single network device. Host-based IDSs are fine-tuned to the specific operational characteristics of the host device and therefore provide a high degree of protection when properly administered.

2. Host-based vulnerability assessment (HVA)

Host-based VA tools scan a single network device for security vulnerabilities. Host-based VA tools are fine-tuned to the devices they monitor. They are extremely accurate and make minimal demands on the host’s resources. Because they are configured specifically for the host device, they provide an excellent level of coverage when properly administered.

3. Network access control

Network access control solution has double function, protecting both the network and individual hosts. These solutions continually check the host for harmful applications and infections and verify that required security measures, such as anti-virus and personal firewalls are installed and up to date.

4. Anti-Virus

Device specific anti-virus applications provide an additional layer of protection within the network.

IV. Application gateway layer

Security Application Layer focuses on the contents of traffic reaching applications. Web application gateways, e-mail spam filters, XML security systems and Secure Sockets Layer virtual private networks et ensure that application traffic is clean, efficient and secure. Poorly protected applications can provide easy access to confidential data and records.

Applicable security measures are:

1. Application Shield

It is an application level firewall, which ensures that incoming and outgoing requests are permissible for the given application. Commonly installed on Web Servers, e-Mail Servers, Database Servers etc. an application shield is transparent to the user but highly integrated with the device on the backend. It is finely tuned to the host device’s expected functionality

2. Access Control/User Authentication

Only authorized users are allowed to enter the application.

3. Input Validation

Input Validation measures verify that application input traveling across the network. This is crucially important for web applications, that any interaction between people and a user interface can produce input errors or be exploited if the proper security measures are not in place. In general, any interactions with your Web server should be considered unsafe.

4. Anti-Virus

Device specific anti-virus applications provide an additional layer of protection within the network.

V Data Layer

Data-level security refers a blend of policy and encryption. Encrypting data where it resides and as it passes through network is a recommended best practice because, if all other security measures fail, a strong encryption scheme protects your proprietary data. Data security is highly dependent on organization-wide policies that govern who has access to data, what authorized users can do with it, and who has ultimate responsibility for its integrity and safekeeping.

Applicable security measures are:

1. Encryption

Data encryption schemes are commonly implemented at the data, the application, and the operating-system levels. All schemes involve encryption /decryption keys that all parties accessing the data must have. PKI, PGP, and RSA are common encryption strategies.

2. Access Control/User Authentication

Like other application-level authentication, only authorized users are given access to the data.

Conclusion

Security attacks will become more frequent and more virulent in coming years. Investing in signature-based security systems is of limited use. A wiser practice is to develop a multilayered security architecture that recognizes the strengths and the limitations of each type of security product. When deployed effectively, this layered approach creates a network that can withstand not only security attacks, but also unpredictable surges of legitimate traffic. By investing in network integrity, you can improving the network bandwidth and availability your applications safe and secure.