- Infrastructure
- Web Development & Services
- Telecoms & Networks
- Consultancy & Maintenance
- Internal Penetration testing
- Wireless Security Auditing
- IT Security Auditing
- Web App Penetration Test
- In House Application Security
- External Penetration Tests
After we help you evaluate and configure your IT infrastructure to mitigate risks and enhance performance, we set it up to support your business. We outsource the finest software from the most renowned international firms, such as our close allies at Microsoft and Cisco, to provide you with a top-notch and user-friendly IT infrastructure. We set up fully equipped data centres and server rooms for banks and other organisations, with full monitoring from one central point. We set up backup systems for all servers; no target is too big or too small, and we design and set up servers fit for individuals or enterprises.
Types of Infrastructures:
– SIS or Student Information Systems (In partnership with TeachArabia)
– Exchange and Email management systems
– IT Security Infrastructure:
– Storage, backup, and disaster recovery solutions
– Data centre security solutions
– Antivirus and SPAM solutions
– Storage Management
– Storage Area Network (SAN) (In partnership with Maxtronic)
– Network-Attached Storage (NAS) (In partnership with Synology)
– Linux solutions (open source): Linux internet firewalls, proxy servers, load balancers, file servers, etc.
We set up your online office and manage it upon your request; otherwise, we help you get used to using the CMS to edit your website pages.
Services
– Websites – Design and Development
– SSL certifications
– CRM to manage your client relations online more effectively
Whether you are looking for an IT consultant or support for your server and desktops, we at Quantum help you think and plan before making IT decisions. We guarantee great outcomes through cost-effective methods. We teach individuals and corporations how to tackle and install technology more efficiently via training sessions, keeping people constantly updated.
– IT Consultancy services to support your IT staff or to act as your CIO
– Yearly Maintenance Contracts
– Scheduled training sessions
Internal Network Security Assessment and Penetration Test
The internal network security assessment, which is also called internal “penetration test” or internal “ethical hacking,” is a process that simulates an insider hacker who could be either a malicious employee or an attacker who has gained illegal access to the internal perimeter of the organization. Malicious insiders pose a greater threat than external attackers, and as such, ensuring the internal security of the organization should be taken seriously.
The internal penetration test shows how a malicious insider can compromise the internal network and computer system and gain privileged access to confidential and sensitive information. The test is conducted by one or more qualified information security professionals. The tester will conduct the test from within the internal perimeter of the client’s network.
The internal network security assessment typically involves the following tests:
- Traffic eavesdropping and hijacking
- Attempts to gather confidential information, such as emails or documents
- Attempts to obtain administrative and users’ passwords
- Attempts to exploit internal SQL and Web servers
- Attempts to exploit the internal Email servers
- Attempts to exploit the internal FTP and SSH servers
- Assessing the wireless network security
Our final report includes an executive section, which is a non-technical summary of the security issues, that is suitable for managers and executives; and it also includes a technical section with detailed descriptions and recommendations that is suitable for IT administrators and engineers. Along with the report, our clients get a face-to-face meeting with our security professionals to brief them about the report and help explain any difficult point.
Conducting regular penetration tests – annually, biannually, or quarterly – is a prerequisite for any organization wishing to become ISO certified in information security or be in compliance with the PCI DSS regulation.
You may have deployed an internal wireless network for a variety of reasons, such as mobility, ease of use, increased productivity and providing guests with quick Internet access. However, wireless technology, if not deployed securely, could pose a threat to your business. Therefore, it is important that your wireless technology is implemented based on an effective security standard. The wireless security audit provides you with a detailed assessment of your wireless network security posture.
A wireless network differs from a traditional wired network in many aspects; for example, a wireless network is not confined to a particular physical room or building, but can span an avenue with greater accessibility. Because of that, authentication, encryption, placement of access points, etc., are all important factors of your wireless network security posture. Our information security professionals can audit your wireless network and walk through an in-depth analysis of its security posture. At the end, you will receive a full report showing the strong and weak points in your wireless network along with recommendations and advice on how to enhance and tighten the security of your wireless network.
A typical wireless security audit involves the following steps:
- Reviewing the existing, or developing a new, wireless network policy
- Identifying all Access Points (AP) along with their coverage
- Assessing the physical security of the AP’s
- Assessing the configuration settings of the AP’s, wireless management systems, and wireless clients
- Assessing the encryption scheme
- Assessing the authentication method
- Assessing the access from wireless network to the local LAN
- Assessing the “guest” network
- Reviewing the existing, or developing a new, BYOD policy
The final report is a detailed step-by-step description of every weakness and strength. For every point, there will be a recommendation for a certain action to enhance the overall wireless security. You, as a client, will get a face-to-face meeting with the security professional(s) to explain any necessary item.
Effective information security can only take place through a holistic top-down process that starts with upper managers, passes through the technical engineers, and ends up with end-users and even third-party contractors. Just buying firewall appliances or antivirus solutions does not automatically make your information and network “secure.” An IT security audit verifies how secure your assets, such as computers, network, and data, are, identifies the weaknesses in the security chain, and provides you with recommendations to enhance the overall IT security posture.
During an IT security audit, our information security professionals examine the policies, procedures, controls and mechanisms implemented in your network and computer systems and assess how much they comply with industry-level best practices and standards. Furthermore, the audit involves interviewing different employees and checking their security awareness.
A typical IT security audit involves the following components:
- Reviewing the existing security policy and all related technical policies.
- Assessing server security.
- Assessing workstation security.
- Assessing network equipment/device security.
- Assessing remote access mechanism.
- Assessing wireless network security.
- Assessing Internet access and Email system.
- Assessing file sharing mechanism and controls.
- Assessing the log management system.
- Assessing employees’ security awareness.
After the audit, you will receive a comprehensive report detailing all the audited items and their security level. In this way, you will get a deep insight into the weak or insecure elements of your IT environment. The report is written with an executive section for non-technical managers, and with a technical section for the IT team. In addition, the report includes recommendations on how to close the security gaps, develop necessary security policies, and mitigate any identified risk.
While network penetration testing is an essential part of an effective IT security management, it cannot detect vulnerabilities existing within your custom web applications which are developed by either your own or third-party web developers. Those web applications, if not securely developed and tested, could be the doorway for hackers to get into your computer systems. As such, it is important to pentest those web applications thoroughly before putting them in a production environment. It is well-known within the information security community that there are specific vulnerabilities that could exist in any insecurely designed web application; the following is a list of the most common web application vulnerabilities:
- Cross Site Scripting (XSS)
- SQL Injection
- Malicious code injection
- Lack of input validation
- Improper authentication schemes
- Session hijacking
- Invalid client-server transactions
- CGI vulnerabilities
- Cookie theft
- Privacy exposure
- Logical flaws
Our information security professionals can attempt to penetrate your web application using automated and manual processes. They are able to find vulnerabilities that may reveal sensitive data, escalate access privilege, or cause denial of service (DoS). Our web application pentest follows a standard methodology – such as the Open Web Application Security Project (OWASP) – and typically involves the following steps:
- Information gathering
- Assessing configuration and deployment management
- Assessing identity management
- Assessing the authentication schemes
- Assessing the authorization schemes
- Assessing session management
- Testing input validation
- Testing error handling
- Testing encryption schemes
- Testing the business logic
- Client-side assessment
The final step is to deliver a comprehensive report with an executive non-technical section that highlights the general security posture along with the most serious actions to take. The report also includes detailed technical descriptions of all the steps undertaken in the test, all the discovered vulnerabilities and weaknesses, and recommendations on how to remediate those vulnerabilities and how to mitigate any risk.
In-House & Desktop Application Penetration Testing
In order to increase productivity and automate business processes and procedures, you may have developed various desktop applications that your employees use. These software applications can aid in accounting, HR operations, sales and marketing, or even in IT operations. However, if these software applications were not developed based on secure methods and security best practices, it is likely that they contain serious security vulnerabilities that can cause serious damage to your business. Therefore, it is important to thoroughly pentest your desktop applications before deploying them in a production environment. The following is a list of the most common software vulnerabilities:
- OS command injection
- Buffer overflows
- Improper authentication
- Improper authorization
- Improper encryption schemes
- Unrestricted file upload
- Path traversal
- Open redirect
- Format string
- Integer overflows
During desktop application penetration testing, our information security professionals play the role of hackers and attempt to break and penetrate into the software application, revealing all exploitable vulnerabilities. This type of penetration testing relies not only on automated tools but also on manual analysis and verification. A typical desktop application penetration test involves the following steps:
- Information gathering.
- Assessing the business logic.
- Source code analysis.
- Assessing configuration and deployment management.
- Testing input validation.
- Testing error handling.
- Assessing authentication schemes.
- Assessing authorization schemes.
- Assessing encryption schemes.
After the penetration test is done, we deliver a comprehensive and detailed report outlining all the undertaken steps along with the discovered vulnerabilities. The vulnerabilities are classified according to their associated risk, that is, high-risk, medium-risk, and low-risk. The report includes recommendations on how to practically close those vulnerabilities. Finally, the report includes an executive section for managers and non-technical executives.
The external network security assessment, which is also called external “penetration testing” or external “ethical hacking,” is a process that evaluates and assesses the security posture of the corporation’s Internet presence. Conducted by our qualified information security professionals, the external penetration test provides our clients with a detailed analysis of how real hackers/attackers might probe, exploit, and compromise their corporate IT environment; additionally, the client IT team will receive a detailed walk-through of how to mitigate any risk and cover any vulnerability.
The security professional simulates the actions of real hackers, and starting from a few pieces of information, like the external IP address range of the client organization, he will find all Internet-facing servers and services and identify all vulnerabilities and security weaknesses. He will then analyze all attack vectors and ways of exploitation. Finally, our security professional will present the client with a clear report with all the recommendations to enhance their network security.
Although our penetration test assesses any Internet-facing server, device, or service, it typically involves assessing the following assets:
- DNS Servers
- Web (http/https) Servers
- File (ftp) Servers
- Remote Access (citrix/rdp/ssh) Servers
- Mail (smtp/imap/pop3) Servers
- Routers and VPN Gateways
- Firewalls and IDS/IPS
Our external penetration test follows a standard methodology, and the steps involved can be outlined as follows:
- Reconnaissance and footprinting
- Scanning, fingerprinting and identification
- Vulnerability assessment
- Attack vector analysis and exploitation
- Reporting
Our final report includes an executive section, which is a non-technical summary of the security issues, that is suitable for managers and executives; and it also includes a technical section with detailed descriptions and recommendations that is suitable for IT administrators and engineers. Along with the report, our clients get a face-to-face meeting with our security professionals to brief them about the report and help explain any difficult point.
Conducting regular penetration tests – annually, biannually, or quarterly – is a prerequisite for any organization wishing to become ISO certified in information security or be in compliance with the PCI DSS regulation.