Open Source Consulting

Enomaly Open Source Consulting, focuses solely on providing development and support for Open Source technologies such as Linux, Apache, MySQL, Python, TYPO3, PHP, Java, PostgreSQL, Zimbra, Alfresco, OpenLDAP, Ruby on Rails, Jboss (J2EE), Drupal, Sendmail, Tomcat and Xen Virtualization. We apply valuable expertise and experience to transform the use of Open Source software.


                                 
Our Specialties
  • We specialize in Open Source and its use in the enterprise;
  • We are a highly talented group of senior IT professionals who offer a unique blend of core experience and specialized skills in our areas of expertise;
  • We provide proven industry solutions within specialized vertical markets;
  • We apply our resources appropriately and with close client interaction;
  • We offer flexible and scalable solutions at a competitive price.
                                 

Data security is a major issue in our high technology society. Unfortunately, there is no magic bullet that will cure all security issues. New forms of risk and exposure arise daily. However, there are solutions for managing data security risk, and we have them. Our network security experts ensure that our services continually offer the required security features and options to provide you with the highest level of safety.

Enomaly uses and recommends the Open Source Security Testing Methodology. The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated. For more information, visit > www.osstmm.org

Enomaly will fully test your applications and network environment ensuring that the completed application or network is safe, secure and reliable. 

 

Recommended Security TOOLS

  • Snort: An open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

    Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

    Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.

  • UnicornScan: A port and protocol scanner witht he speed and power to catch a Unicorn. Actually, a truthful scanner that scales to very large networks while remaining equally fast. The scanner is truthful as it tells the tester exactly what is being returned in a clear format with no tricks to try to outsmart the auditor's experience. Results may go to an SQL DB for results you can revisit and map. A must have in any toolkit! 
  • AFD: Active Filter Detection is one step, according to the Open Source Security Testing Methodology Manual, that security auditors should perform to identify the presence of Intrusion Prevention Systems and other technologies that would directly impact the quality of a security assessment.
  • DNS Scan: A PERL script which supplements the DNS connect scanning task under the Port Scanning Module. Uses DNS connections on a class C to find live hosts through a firewall.
  •  MUTATEv2: an IDS evasion tool from Efrain Torres for assisting in system enumeration, port scanning, and vulnerability testing.
  • Assessment Scanner: A JAVA tool which supplements the Document Grinding Module for electronic dumpster diving. Supports GET and POST requests.
  • NWRAP: A tool developed by Simon Biles to add the Open Protocol Resource Database as an extended functionality to NMAP.  This will show all known protocols for discovered ports which greatly extends the nmap_services file of one service per port.  For this to work, NMAP must be installed and you should include the current version of the oprp.dump should be in the same directory.
  • Metis v. 2.1: This is a Java-based tool from Sacha Faust for finding the competitive intelligence weight of a web server and assists in satisfying the CI Scouting portion of the OSSTMM.
  • WMAP v. 1.2: A less stupid web scanner from Efrain Torres. This brute-forces the known directories to uncover variations in structure for better vulnerability scanning. Also includes Spanish file and directory names in the search.

Industry Focus

+ Education + Financial Services + Government + Manufacturing + Nonprofit

stardevelop.com Live Help Accept Decline Close