Security Consulting Services
Unlike most computer security consultants which are narrowly focused on offering technology to "protect the network," I am dedicated to helping individuals and businesses protect vital information. I do this through on-site consulting, training and product demonstrations with a goal of showing how information loss occurs and how it can be stopped. I can also assist with the selection of computer and network security products and because I am not affiliated with any product companies, I can offer unbiased advice about how to select the best security solutions.
Security Services:
| System Security Analysis | Of all services offered, this service is more suited to the individual user. I will analyze your system for vulnerabilities, which include: viruses, spyware, trojans, and keyloggers. I will train you on how to install and employ anti-virus tools, spyware removal tools and other privacy tools that are geared towards protecting your personal information. |
| Cyber Threat Hunting | Cyber threat hunting is a proactive and iterative search methodology in which an analyst searches through a network to detect and isolate advanced threats that evade existing security solutions. One of my primary goals is analyzing "normal traffic" to detect unknown or suspicious traffic within a network. This allows for a more focused investigation of potential malicious activity to determine what type of threat it poses to the organization. During this process, it is also possible to identify ongoing attempts of an adversary to further establish a persistent foothold in your network infrastructure. |
| Network Security Testing | Potentially, any device with access to the Internet is an open door to would-be hackers. I provide vulnerability assessments during which I map the network architecture, examine all open ports, hosts and services with access to the Web, and ensure that these network devices are secure. Following all vulnerability assessments, I use the information gathered to prepare a thorough vulnerability analysis and offer recommendations for strengthening network security. |
| Intranet Security Testing | While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as Network Security Testing, I provide Intranet risk assessment and analysis to protect against the potential threat posed by insiders. Depending on the client's needs, intranet security testing can be performed by me under varying degrees of disclosure of network information from the client, for example with or without network accounts. |
| Wireless Assessment | Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. I evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, I examine the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network. |
| Web Application Assessment | This assessment examines what services are being offered on Web-based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. I can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. I also conduct source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web. |
| Database Assessment | I provide vulnerability analysis on databases. Poor database design can cause critical data loss or exposure to sensitive data. Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. I test database integrity to determine whether any vulnerability may compromise this sensitive information. |
| Source Code Analysis | I conduct source code analysis protecting your website from SQL injections, XSS scripting and many other vulnerabilities. I can also scan desktop and network applications for vulnerabilities ranging from memory leaks to buffer overflows. |
| Application Scanning | Software you purchased for your company from rogue vendors or software created locally by inexperienced developers could contain numerous vulnerabilities or flaws. I conduct application scanning and threat assessment on your purchased or locally created software. This service is not only applicable for businesses, but can be very important for home users also. |
| Physical Security Testing | Access to confidential information can often be obtained by simply gaining physical access to company premises. I conduct on-site surveillance to assess physical security and use social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system. |
| Forensics | In addition to preventing future attacks, I can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion. |
If you require any of these services or just want to query me about other services that I might offer, please contact me.