PDF Print E-mail

Security

Our security related services delve deeper into the security features, capabilities, and risks associated with the most commonly deployed services. To be precise, we offer the following:

  1. Basic Service Security
    • SELinux
    • Host-based access control
    • Firewalls using Netfilter and iptables
    • TCP wrappers
    • xinetd and service limits
  2. Cryptography
    • TSIG (Transaction Signature)
    • Management of SSL certificates
    • Using GnuPG
  3. Logging and NTP
    • Time synchronization with NTP
    • Logging: syslog and its weaknesses
    • Protecting log servers
  4. BIND and DNS Security
    • BIND vulnerabilities
    • DNS Security: attacks on DNS
    • Access control lists
    • Transaction signatures
    • Restricting zone transfers and recursive queries
    • DNS Topologies
    • Bogus servers and blackholes
    • Views
    • Monitoring and logging
    • Dynamic DNS security
  5. Network Authentication: RPC, NIS, and Kerberos
    • Vulnerabilities
    • Network-managed users and account management
    • RPC and NIS security issues
    • Improving NIS security
    • Using Kerberos authentication
    • Debugging Kerberized Services
    • Kerberos Cross-Realm Trust
    • Kerberos Encryption
  6. Network File System
    • Taking full advantage of security features in NFS4
    • Securing client-side mount options
  7. OpenSSH
    • Vulnerabilities
    • Server configuration and the SSH protocols
    • Authentication and access control
    • Client-side security
    • Protecting private keys
    • Port-forwarding and X11-forwarding issues
  8. Electronic Mail with Sendmail
    • Vulnerabilities
    • Server topologies
    • Email encryption
    • Access control and STARTTLS
    • Anti-spam mechanisms
  9. Postfix
    • Vulnerabilities
    • Security and Postfix design
    • Configuring SASL/TLS
  10. FTP
    • Vulnerabilities
    • The FTP protocol and FTP servers
    • Logging
    • Anonymous FTP
    • Access control
  11. Apache security
    • Vulnerabilities
    • Access control
    • Authentication: files, passwords, Kerberos
    • Security implications of common configuration options
    • CGI security
    • Server side includes
    • suEXEC
  12. Intrusion Detection and Recovery
    • Intrusion risks
    • Security policy
    • Detecting possible intrusions
    • Monitoring network traffic and open ports
    • Working with SNORT
    • Detecting modified files
    • Investigating and verifying detected intrusions
    • Recovering from, reporting, and documenting intrusions
Last Updated ( Saturday, 03 January 2009 06:44 )