Network Security

In recent years, with the increasing dependence on the ICT infrastructure, the security of these systems has become very important. Along with this issue, Parshan Tech Afzar Company has chosen security improvement as one of the main axes of its activity and serves its customers in this field by providing technical capacity and expert expertise. Below are the general outlines of services in this area.

  • Ensuring the security of data storage and processing centers (Data-Center)
  • Securing communications of wide-area-networks and server hosting sites
  • Secure local area networks and access workstations to the network
  • End-to-end security solutions for our data exchange between workstations and servers
  • Deployment of firewall technologies, intrusion detection and control equipment, and access control for RAS users
  • Specialized solutions for authentication, authentication, assignment of access levels, and registration of AAA performance
  • Deployment of data exchange encryption technologies such as IPSec and …
  • Providing security measures for multimedia systems (VoIP, IP Telephony, Video Conferencing &…)
  • Internet Gateways
  • Cache, Filtering, and …
امن‌سازی شبکه (Network Security)

Methodologies for dealing with volunerabilities

Parshan Tech Afzar Company, with a specialized look at the set of necessary works to be done to ensure ICT security, also relies on developing standards in this field, some of which are reviewed in this section as the basis of security methodology.

 OSST (the Open Source Security Testing Methodology Manual)

OSSTM methodology is a method that describes how to perform security tests and use existing standards and standards. The topics covered in the OSSTM exams fall into five general categories:

  • Information and data controls
  • Employee security awareness levels
  • Levels of control over cybercrime and social engineering
  • Computer and communication networks (such as wireless devices – mobile phones, etc.)
  • Controls related to physical and environmental security levels (buildings, types of physical environments)

The above methodology, with a focus on technical details, examines preventive, preventive, and countermeasures and in this regard, introduces measurement methods on the obtained results.

 ISSAF (Information Systems Security Assessment Framework)

ISSAF methodology is a new and developed method that in examining and evaluating the security of information systems, divides them into different areas and examines and evaluates the details in the field of each of these areas. The purpose of this method is to create specific system inputs that examine security in a real-world scenario. In fact, ISSAF is used as a primary method to complete an organization’s security assessment. Of course, this method is still in its early stages of implementation.

Penetration Test

This methodology is divided into the following general sections:

  • Scanning ports
  • This is done at the same time as scanning the ports for security checks.
  • Perform fingerprint operation on the system
  • Review and explore services

Web application Penetration test

This type of test is a set of services used to check the security of web applications.

These services generally identify issues related to the following:

  • Identify vulnerabilities and risks in web applications in general
  • Identify known or unknown vulnerabilities to combat threats in the interval Finding a suitable solution to solve a security problem
  • Detection of technical vulnerabilities (site scripts, user identity by the program, passwords in memory, overflow buffers, management of user authority, manipulation of URLs, etc.)
  • Identification of business risks (loss of customer trust, unauthorized transfer of funds and capital, unauthorized entry into the system, extraction of personal information, etc.)

In order to complete the subject, a practical example of how to present the results of a permeability test is not without merit.

[1] Authentication & Authorization & Accounting