IT security services

Security-analysis

Advanced computer security

Our consulting services provide advice on computer security and protection for your computer systems and applications. Thanks to our team of experts in ethical hacking we can protect your company.

We have experience in conducting intrusion tests which help to protect your company computer systems, to prevent information leaks and to ensure the success and continuity of your business.

Contact us for further information.

Main services

The specialized services in computer security performed by Tarlogic cover a wide range of services (forensics analysis, DLP …) and technologies (web services, active directory, databases, Wifi …). Most of these services are remotely performed from our facilities. We advance you detailed information of some of these works:

By performing a security audit or intrusion test you may identify weaknesses in the security mechanisms displayed in your computer systems and discover how far an attacker could reach. This type of work can help protect you infrastructure and limit access to confidential information from your company.

The most common approaches to this type of work are:

  • Internal intrusion test: Security check of the internal computing platform of your organization.
  • Perimeter intrusion test: Security risks identification from the Internet and privilege escalation on the internal network.

Web applications are one of the main gateways to access the internal network of your company from the Internet.

Depending on your needs, you can perform security analysis of your web applications and corporate websites by using the following approaches:

Audited Black Box: We call black box to the approach in which the auditor has no knowledge of the underlying technology infrastructure. This security check is ideal for simulating attacks carried out by personnel external to the organization.

White Box Audit: Technical information on the assets to audit is provided to. Depending on the analyzed assets, it may include information such as users, passwords and existing security mechanisms. With this approach the auditor does not need to do an extra effort in finding information and it allows to focus the efforts on those elements that are critical to your business.

Using internationally recognized methodologies in this work will help to improve the security of your business, preventing information leaks.

Security analysis of electronic business applications to prevent fraud, information stealing and to maintain service availability against attacks of denial of service (DoS).

Ensuring security and availability of their e-commerce platform is a key aspect for the image of your company on the Internet and to ensure the continuity of your business.

  • Security: Protecting the security of web and mobile applications.
  • Privacy: Detection of employee information leaks.
  • Fraud: Definition and implementation of technical controls to limit fraud.
  • Availability: Prevention of DoS attacks and identification of technical issues that may affect availability.

Analysis of hardware security devices, routers and embedded devices by using reverse engineering techniques and analysis of hardware and firmware to ensure the protection of your product and prevent attacks against your infrastructure and customers.

  • Analysis of memory: Memory chip extraction from the motherboard and firmware reading.
  • Physical interfaces: Identification and interaction with serial and JTAG hardware interfaces.
  • Firmware Analysis: Firmware unpacking and file system extraction.
  • Reverse engineering: Static analysis of binary firmware for their analysis.
  • Device emulation: Firmware loading in virtualized environment for stress and security testing.
  • Protocol analysis: Analysis of communication protocols and development of compatible clients.
  • Hardware interception: Display of solutions of interception of communications via hardware (DSLAM, CMTS) and software (MITM).
  • Software interception: Interception of communications via software with proxies of intermediate navigation and “man in the middle” attacks.

Mobile applications are becoming more and more used in the business world, where developments are made as to interact with business applications.

Because of the information they manage and the resources they get access to, it is necessary to perform a security audit on mobile applications used in the company of any of the existing mobile platforms: iOS, Android, Windows phone and Blackberry.

  • Application unpacking depending on its format (APK, IPA, ALX, JAD, XAP).
  • Protectors and code obfuscators detection.
  • Analysis and audit of source codes.
  • Analysis of the data stored by the mobile app.
  • Analysis of the storage mechanisms of the platform.
  • Protection mechanisms for accessing the app data.
  • External load or run content.
  • Existing authentication mechanisms.
  • Transport layer and encryption mechanisms (HTTP, HTTPS, SSL, TLS… ).

The use of the term APT (Advanced Persistent Threat) has become increasingly customary to refer to the new silent threats facing the organizations.

An APT is a highly specialized type of malware used in attacks directed against specific targets such as large companies or governmental agencies. Behind these attacks can be foreign governments, activist groups or competing companies trying to steal the R&D, corporate information or damage at a future time the ICT infrastructure.

Tarlogic has developed an APT called Acarus which can be used in remote intrusion tests to detect exfiltration routes of confidential data from an organization to the Internet and to check the existent security mechanisms to protect themselves from an APT.