Tuesday, May 28, 2013

Penetration Testing can help corporates to meet their security goals

After so many latest and powerful Malware attacks, Corporate industry; more than ever - need to take advantage of Cyber Security in order to test their networks, systems and applications to protect themselves from different Cyber Attacks. To ensure that web based systems and applications are secure requires more than just good design and development. In order to identify vulnerabilities, it is often a good idea to involve an independent body like Sedulity Groups to help find potential security problems before releasing to the public.

Getting Penetration Testing done is the only best practical way for companies (Small, Medium, & Large) to establish the optimum level of security within their networks & systems. Having third parties do this testing is a good way of introducing genuine experts and getting a different view on something said Dr. Anup Girdhar, CEO of Sedulity Groups. "However it’s also important to make sure that security is the responsibility of the team, and not something that is outsourced. With the ever-increasing risk of internal & external Cyber-Attacks to websites, the adoption of new technologies including virtualization and cloud computing, organizations have to firstly, identify Cyber Threats and secondly, put control measures in place to defend themselves from all these Cyber Attacks said ."

Routine IT Audit, is also known as penetration testing which is an essential component for any Corporate to implement the optimum level of security. As computer technology has advanced, organizations have become increasingly dependent on computerized information systems to carry out their operations and to process, maintain, and report essential information. As a consequence, the reliability of computerized data and of the systems that process, maintain and report these data are a major concern to audit.

Penetration testing should go far beyond proving it is possible to break into a system. It should explore the impact of the compromise and give a business answer to the threats an organization faces Dr. Girdhar, said in an interview. A client may not care that a development SQL server is vulnerable – but if that server is joined to the domain, we can demonstrate that it almost always allows an attacker to gain full access to the entire network. Likewise, a vulnerable firewall might not be important if the vulnerability cannot cause loss or embarrassment to the business. This type of analysis will assist you in directing security strategies and efforts. This makes penetration testing a need rather than an optional endeavor.

Sedulity Solutions & Technologies, is the most professional group of IT security Experts and Ethical Hackers involved into various Cyber Security Solutions for Corporate and Govt. Departments like Penetration Testing, IT Auditing, Cyber Crime Investigation, Data Acquisition, Network Security, Server Configurations,  Security AMCs, Creation and Hosting of Secure Websites, finding Vulnerabilities and loopholes in the Websites and also provide the Security Countermeasures to overcome the Cyber Attacks. Penetration Testing, services include a comprehensive report which will identify the vulnerabilities, severity levels and also recommends remedial activities as well. These services are suitable for small, middle, and large level companies. The packages are available for a limited time only at the special discounted price..

To get best Cyber Security Solutions for your business or organization, you may contact Team Sedulity.

+91-9312903095 or Email at contact@sedulitygroups.com

Friday, May 24, 2013

Why HTTPS is not implemented on entire web when it is more secure?

Today we live in the advanced ‘Cyber Space’ where we all are connected through various means of Communications via using Internet. More than 99% internet users visit lot of websites includes Social Networking, Email Services, E-Commerce, Banking etc. where we pass our User Names & Passwords many a times each day. At the same time the problems of ‘Cyber Crimes’ are also rising up where most of the problems are related to the Hacking of the User Names and password. Today if we see, most of the websites are on http instead of https which is supposed to be a much secure protocol. That extra "S" in the URL means that your connection is secure and it's much harder for anyone else to see what you're doing. However, the question is that if HTTPS is more secure, then why doesn't the entire Web use it for security reasons?

HTTPS is used only by those sites that handle money, like your bank's website or shopping carts that requires financial information like Credit Card details or the Online Bank Details. For example if we talk about the websites of Banks, it is mandatory for every Bank to implement https on their website, as per the RBI guidelines. It is easy for anyone to capture your current session's log-in cookies in any insecure networks like your College/ Office hotspot or public Wi-Fi at the restaurants.

You might not mind anyone reading your messages on twitter or so. However, you never prefer anyone sniffing your User Name & Password. That’s why Twitter has announced a new option recently to force to HTTPS connection. However, it is available only for the Desktop Browsers and not available for the Mobile Browsers which is another issue.

Slowly and gradually the websites are moving on HTTPS but why not entire web should move towards it? That’s the question that was put in front of Dr. Anup Girdhar, (CEO-Sedulity Groups) during an interview. There are lot of issues due to which it’s taking lot of time to move from http to https completely. The major problem is the high cost which is to be paid to get the secure Certificate due to which most of the vendors do not prefer to move to https. The another problem which is also encountered is the slow performance hit when using https, said Dr. Girdhar.

Moreover, if you calculate the cost of running the https site, it is expensive as compare to the http site. An https website doesn’t work because it requires good Broadband speed and should be the Browser Compliant. It is possible with the Man-in-the-middle attack to crack the password on http sites, where https websites are comparatively more secured. However, the hackers are so advanced that they’ve even hacked the https websites as well, which has become the another security constraint for the W3C. Certain add-ons and plugins are available which simply recover the username & password from the https websites as well. I have demonstrated the same in one of the International conferences held at Singapore, said Dr. Anup Girdhar.

If we measure, the reasons can be taken care of with providing optimum level of solutions in order to get secure connections. So we need to look broadly that if https will be implemented completely, how well it safeguard our websites and protect our data.