NOWadays the biggest risks in IT Security are coming from data leakage - data stealing and from the vulnerable IT infrastructure. It is now a daily example in the media to hear about unauthorized data accesses, hijacked computers and complete IT systems, or similar technological abuses. These criminal activities results in serious damages not only on IT level: significant loss on the business reputation, risking a company’s market position and the development opportunities. The stolen customer data manipulations available because of vulnerable IT systems, can influent the public view of companies badly above on the embarrassing incident(s) itself. Market positions earned hard, recognition became to nothing if the customer trust got shaken, if the company data assets serves others.
Information security is not a hardware product you can switch on and you are done, no security threats anymore. You can’t put it on the self between the software boxes, that ok finally we are there, everything settled.
Information Security is kind of status, what you have to keep on high level.
About us
The Company
nConnect Hungary Ltd. founded by IT professionals, experts from the various areas of Information Technology in 2010 in order to integrate their experience.
We are providing complete services on the field of IT Security, along with designing, planning and managing Information Systems from zero to the Enterprise sector.
The Vulnerability Assessment Method of nConnect is based on the method what is the base of cybersecurity at EU or NATO. Built on international experiences, our focus is on the human intelligence - the „manual” work. The audit kind automated scanning - widely used in Western Europe - just extensions of our methodology.
What’s determining the security level of any IT infrastructure? The weakest link. Always.
<
Certifications
The methodology to run an [Enterprise] IT infrastructure - based on experience. Big repository of IT management standards and recommendations – to do it well
Offensive Security Certified Expert - hands-on hacking certification. Modified, ported, and zeroday exploit codes, AV/IDS/IPS evasion with modified binaries and so on...
Certified Information Systems Auditor.
Certified Information Systems Manager.
ISO 27001 Lead Auditor. To implement ISO 27001 or to prepare for the certificate of ISO 27001.
Services
Main Services
Vulnerability Assessments
Offensive information security assessment, or Ethical Hacking where real world hacking methods, techniques are used in order to find out how secure is the actual IT infrastructure.
Software Development, Reverse Engineering
Let’s have secured applications, smart apps! Application development from zero, towards the security focused code audit of existing applications (web applications, smart apps, etc.)
Audit preparation (PCI DSS/ISO27k1)
In collaboration with our partners - preparation for PCI DSS or ISO 27001 certification, with the real world IT security experiences of Vulnerability Assessments.
Ethical Hacking What is the meaning of ethical hacking?It is an offensive information security assessment, using all the tools and techniques what hackers use in real life scenarios. Okay, but what makes it ethical?It is requested by the customer itself against its own environment, by the representatives of the customer, with the proper level of authorization. What is the goal of such assessment? Performing a complex non-limited assessment to find all the vulnerabilities what is possible, during the agreed timeframe of the project.
What is the structure of such assessment? The assessment has a number of interconnected modules:
External
Internal
Web application
Wi-Fi
Mobile networks (GPRS, 3G, LTE),
Social engineering.
What does the customers report package contain?The end result is complex, targeting multiple audiences:
Executive Summary about the risks at company level with decision-making situations.
Detailed lists about the vulnerabilities, attack vectors and its possible fixes. The technical report is modularized with categories where the vulnerabilities prioritized based on their importance.
Finally an action plan with a with short- mid- long term break-down. This will be the base of the project plan, which will be used to fix the problems and raise the resistance level of the IT infrastructure.
Ok, I got the report, it has multiple critical findings/vulnerabilities, what should I do, what’s the next step? Just open the action plan and use that to plan your modifications and fixes according to the internal IT Change Management procedures.
Unfortunately we have not enough [qualified] resource, what’s next? We can help both on Quality Assurance or implementing role to achieve the final goal in order to fix all the vulnerabilities in the proper way.
Based on the experiences of various application’s vulnerability assessments:
Code Audit: Usually happens after a Vulnerability Assessment, or act as a module of a bigger, more complex VA like source code audit of a web application, or smart apps.
Secure Development: the most effective way of secure development? Do it as a daily practice from day 1. To achieve this, it’s a must to set the base requirements, and within those boundaries hold systematic reoccurring code reviews – including the security aspects and requirements.
The foundation of security awareness based on actual trends, events from Information Security`s point of view. Who needs such awareness training within a company?
The senior management, decision makers (non-technical training), to become updated with the risk factors influencing the operation of the company.
The employees (non-technical training), to create a real security awareness in their minds.
The operators of the IT infrastructure (technical training), to let them focus on the real problems/risks.
The developers (technical training), to let your company has such products, which are creating revenue, not leaking data or create backdoors – so you don’t have to recode everything from scratch.
Based on the experiences, the IT security problem needs at least these four level of „translations” within a company, to address everyone and send the proper message to each and every group. A message wich relevant.
With more than 15 years of experience in the Enterprise IT (ITIL, CISA,CISM, PMI) we can turn the IT operations and management to be more effective, set the operation of the company more stable. Tailored for the size, fine-tuned for the goal s of the firm:
Development of IT Security Strategy
Creation of Information Security Policy
Creation of Business Continuity Plan
Development of Disaster Recovery plans (DRP, ADRP)
Preparation , implementation of IT [security] procedures
Implementing proper level of IT security the best IT SEC solutions - according to the company`s profile
References
Our team has been engaged in assessments like listed below:
Public Foundation, One of the biggest and most successful non-profit institute of applied resources.
Vulnerability Assessment modules: Special vulnerability assessment (external, web application)
Big telecommunication company abroad, it has 31 million customers in 8 countries.
Vulnerability Assessment modules: Complete vulnerability assessment (external, web application, internal, Wi-Fi, social engineering, + 3G/GPRS)
Government controlled Ltd. driving the Hungarian energy sector. One of the most important strategic area of the national economy.
Vulnerability Assessment modules: Complete vulnerability assessment (external, web application, internal, Wi-Fi)
Hungarian subsidiary of an international telecommunication company, a dominant player on the Hungarian telecommunication market.
Vulnerability Assessment modules: Complete vulnerability assessment (external, web application, internal, Wi-Fi, social engineering, + 3G/GPRS)
One of the biggest player in domestic waterworks in Hungary.
Vulnerability Assessment modules: Complete vulnerability assessment (external, web application, internal, Wi-Fi, social engineering)
Governmental supervisory body of pharmaceutical industry in Hungary
Vulnerability Assessment modules: Special vulnerability assessment (external, VPN, internal)
One of the biggest commercial television company in Hungarian market.
Vulnerability Assessment modules: Special vulnerability assessment (internal)
Governmental organization of Hungarian Infrastructure Development.
Vulnerability Assessment modules: Special vulnerability assessment (external, internal)
Partners
Research and Development
HackLAB: an R & D lab
The development of IT is constant. With this continuous development the number of newly raised IT security challenges and vulnerabilities are growing as well.
nConnect is committed to the continuous development on the IT Security field, we are the founders of HackLAB, an R & D lab of information security. At HackLAB there’s a continuous professional work, finding security solutions from the individuals to the enterprise – both on hardware and software level. Researching the new vulnerabilities and finding solutions for its defense.
