The
latest events at NII Consulting, press interviews,
articles covering our company.
In
the Press - Interviews and articles
Events
- The latest happenings
In the Press
May 2007
The Indian Express - Coverage of inaugural workshop at the Cyber Security Research Center at Punjab Engineering College (PEC)
Coverage of inaugural workshop on Ethical Hacking and Computer Forensics conducted by NII's forensic expert, Kush Wadhwa, at the launch of the Cyber Security Research Center, PEC. The research center was launched in association with Nasscom.
February 2005
The Codebreakers - Featured article in Digit Magazine
Another interview on penetration testing, and how ethics matter.
September 2004
News article in the Economic Times covering Ethical Hacking
Covers an interview of our Chief Technology Officer on the business side of penetration testing and the art of bug-finding.
August
2004
Tips
for ferreting out vulnerable code
Interview with our CTO published by Loop, covering web application
vulnerabilities and their detection, based on his
presentation on the same subject at Blackhat USA 2004
June 4th 2004
Interview in Processor.com
We're
interviewed in an article in Processor.com on security issues with
outsourcing. "If the outsourced vendor can be certified to a standard
such as BS7799 or HIPAA, the level of assurance rises considerably..." Click here to read more
March 2004
Article on Linux Firewall solution for one of our clients
Click
on the link to read an article carried out by CXOToday.com about a
Linux firewall and IDS solution that we provided to one of our BFSI
clients enabling them to protect their critical servers with a
low-cost, efficient and open-source solution that was up and running in
less than a day.
December 2001
Network
Magazine: Enterprise Security: Chinks in the Armor
Cover story in Network Magazine with quotes from Network Intelligence
December 2001
SecurityFocus: The Littlest Security Pro
Youngest CISSP in the world joins Network Intelligence
August 2007
GFi Software Authorized Partner
NII is proud to announce its partnership with GFi Software. GFi is a leader in network security, content security and messaging software. NII is a Bronze Partner offering all the GFi products. GFi is a leading software development firm and has proved to be a technology leader with its scanning software, server-based anti-span, and email security solutions.
May 2007
EC-Council Accredited Training Center
NII is now an accredited center for conducting trainings with the authorized curricula of EC Council for various security technologies. NII has been selected and screened to have met EC-Council's standards in instructor certification, course delivery, adherence to training facility requirements, and ongoing quality commitment. NII is currently offering the Certified Ethical Hacking (CEH) and Computer Hacking Forensic Investigator (CHFI) courses in association with EC-Council.
January 2007
NII Consulting awarded ISO 27001 certification
NII is the first Indian Information Security consulting firm to achieve the ISO 27001 certification. It has successfully incorporated an information security management system for its processes and streamlined its operations to meet the information security requirements of its clients and partners alike. NII has recieved this certification after undergoing a rigorous audit from the British Standards Institute (BSI), an accredited certification body.
August 2006
Commencement of Bahrain operations
NII marks a major milestone in its quest to becoming a global consulting office, with the establishment of its first overseas office in Bahrain. After successful completion of several projects the Bahrain office will help establish a stronger presence in the Middle East, and also help us work closer with partners in the regions like Bahrain, UAE, Kuwait, Saudi Arabia, Oman and Qatar.
June 2006
Empanelment as IT Security Auditors: CERT-In, June 2006
NII is empaneled by CERT-In as IT Security Auditors. Indian Computer Emergency Response Team (CERT-In), under the Department of Information Technology, Government of India has created a panel of ‘IT Security Auditors’ for auditing, including vulnerability assessment and penetration testing of computer systems & networks of various organizations of the Government, critical infrastructure organizations and those in other sectors of Indian economy. NII is successfully empaneled for a period of two years.
May 2006
BankTech Congress, Mumbai, May 2006
NII participated in the BankTech Congress held at Mumbai on 25 - 26 May, 2006. Our founder, K. K. Mookhey spoke on Financial Frauds - The View from the trenches. He narrated real-life incidents that we have handled for clients. He also elaborated on our approach, tools and techniques used, and suggested controls for avoiding financial crimes.
February 2006
IT Underground, Prague, February 2006
NII's Security Analyst and PT Head, Sumit Siddharth, was invited to speak at the IT Underground conference from February 23-24, 2006. He presented a paper on IDS Evasion techniques.
Corporate IT Security Conference, Mumbai, February 2006
NII sponsored the Corporate IT Security Conference which focused on Information Security trends, security policies and procedures through ISO 27001, IT security implementation for the e-commerce domain and corporate data security management.
January 2006
Launch of Checkmate - an e-zine on Digital Forensics and Incident Repsonse
NII's Digital Forensics and Incident Response team launched an e-zine which aims to cover topics ranging from Network Forensics to Incident Response methodologies and forensics tools, along with digital forensics fundamentals and the legal implications of different situations. Checkmate is an initiative to spread awareness about this domain and share experiences.
May 2005
Networld+Interop, Las Vegas 2005
NII's Chief Technology Officer, K.K. Mookhey will be speaking at this year's Networld+Interop conference
to be held in Las Vegas between the 1st-6th of May 2005.
NetWorld+Interop is the most comprehensive IT infrastructure event in
existence and is the only event to address today's challenges and
opportunities with a systems-wide approach by focusing every aspect of
the event around six of the most vital technology trends existing
today. One of these is of course, Information Security.
July 2004
Blackhat USA 2004 Briefings
Our Chief Technology Officer, K. K. Mookhey presented at this year's Blackhat Conference in Las Vegas on "Evasion and Detection of Web Application Attacks". This presentation is now available here
July 2004
Securityfocus article on "Metasploit Framework"
This
is a three part article written by security researchers at Network
Intelligence that talks in-depth about the Metasploit Framework -
installation, configuration, and development of custom exploits using
the framework.
May 28th 2004
Presentation on Computer Forensics
We
were invited to present on the topic of "Computer Forensics" at a
conference on Fraud Management organized by Marcus Evans at Mumbai Taj
Land's End on 28th May. This presentation covers the common security
scams perpetrated against large corporations, forensics tools and
techniques, and some case studies. Click here to download the presentation.
April 2004
Denial of Service Vulnerability in ColdFusion MX 6.0
This new vulnerability severely cripples the ColdFusion MX Server and
in most cases requires a manual reboot of the server. It has been
patched in the 6.1 release and users are strongly urged to upgrade to
this version. This vulnerability can be exploited by supplying an
overly-long string to a function that is not geared to handle it.
February 2004
Snort IDS Signatures - for SQL Injection, Cross-site scripting and other exploits
Check
out our new section on Snort IDS Signatures. Most of them have been
written using Perl-Compatible Regular Expressions. For most of the
cases, we have given at least two sets of signatures - one for the
paranoid administrator, who wishes to detect any traffic that may
remotely resemble the attack under discussion - and the other for more
specific detects and reduced false positives. The latest addition is
for the exploit released for the Microsoft ASN.1 Buffer Overflow
vulnerability.
January 2004
New Service Offerings - Common Criteria, BS7799, and BCM
NII
has launched three new security consultancy services derived from our
experience in the past few years. These standards-based services ensure
methodical and effective solutions to your security needs.
The Common Criteria for Evaluation of Information Technology provides a common basis for evaluating the security of IT products and
systems. Our consultants will take you through all the stages of CC accreditation right upto the accreditation itself.
The BS7799 standard is a globally accepted standard for the implementation of a formal Information Security Management System
within your organization. Our certified and trained BS7799 consultants
will take you through all the stages of a BS7799 implementation until
your certification is assured.
With the growing need for a business to be resilient in times of disasters, it has become imperative to have a formal Business Continuity Management process in place. Our consultants will follow the Good Practice Guidelines of PAS 56
and ensure that you have an effective, reliable and fit-for-purpose BCM
process in place, which ensures promised deliverables to clients,
customers, shareholders, partners and other important stakeholders.
November 2003
NII bags ISACA research project
Researchers at NII have been commissioned by the Information Systems Audit and Control Association to
carry out a six-month research project on "Security Controls and
Auditing of Linux". This is in recognition of our research efforts and
India's strong Linux community. This research project will result in a
Monograph which will be sold through ISACA's bookstore. Intermediate
deliverables will be a whitepaper, Power Point presentations, etc.
October 2003
Security Audit of India's largest listed software company
We
just completed a comprehensive security audit of India's largest
software company on behalf of their largest client - a US insurance
giant. This audit covered three locations and was based on the BS7799
standard.
April 2003
AuditPro for SQL released
Continuing
with our steady run of innovative auditing products, we have just
released AuditPro for SQL. With more features than you could ask for,
APSQL ensures a comprehensive in-depth audit of your SQL Servers.
Moreover, its Differential Auditing feature allows you to save your
audit baselines and compare then with future ones, allowing you to
study increasing or decreasing levels of compliance.
May 3rd 2003
Workshop on Database Security and Auditing, May 3rd 2003
We
are organizing our next workshop on the 3rd of May on Database Security
and Auditing. This 1-day workshop will cover Oracle and SQL Server
Security and Auditing.
March 30th 2003
Log Analyzer (la) Generic Log Analysis Tool
NII
has just released a general purpose log analysis tool that will parse
almost any log file and search for matching patterns that you supply in
order to determine any intrusions or system malfunctions.
March 29th 2003
Workshop on Ethical Hacking, April 5th 2003
Our
next workshop is on Ethical Hacking on the 5th of April 2003 at Mumbai.
This is a never-before kind of workshop where you will learn more about
the art of penetration testing than any website or any book can teach
you. With our aim of complete Knowledge Transfer you will find your investment completely worth it!
February 10, 2003
Buffer Overflow in SQLBase 8.1.0 Any
user connected to the SQLBase 8.1.0 RDBMS can cause it to crash by
executing a buffer overflow using the EXECUTE command and supplying it
an overly long Procedure name to execute. Since SQLBase 8.1.0 runs as a
service with LocalSystem privileges, the buffer overflow allows for a
full remote compromise of the server. More...
February 01, 2003
Guide to Sybase Security: Continuing
with the trend of writing effective and practicable documents for the
IT Security community, we have just prepared a document on Sybase
Security Auditing. Your feedback is welcome. This document has been
authored by Nilesh Burghate
January 31, 2003
NII at the IETE Seminar on Mobile Computing: Our
CTO, K. K. Mookhey will be giving a presentation on Wireless Security,
WEP and other related topics at the IETE Seminar in Mumbai. Watch this
space to download the PowerPoint presentation. This is in continuation
of our approach in exending our security services to the Wireless
platform as well. We now provide Wireless Security Implementation and
Auditing.
January 29, 2003
MS SQL Server Password Security tool EnforcePass is released: NII
has just released a very effective tool for implementing password
security on MS SQL Servers. Keeping in mind the recent SQL Spida worm
and the fact that weak passwords are the weakest link in most security
setups, we have provided this set of SQL scripts that do not allow for
weak passwords to be chosen either by users or by DBAs. This tool has
been listed at the SQL Security website of Chip Andrews
November 20 2002
NII releases version 2.0 of AuditPro for Oracle: Additional new features include Baselining of database, and Password Auditing.
November 07 2002
The Unix Auditor's Practical Handbook: NII
releases a comprehensive document for Auditing the security of UNIX
servers. This document covers mainly Sun Solaris but also has
cross-references for IBM-AIX and Linux.
November 05 2002
NII is one of only eight other vendors nation-wide invited
by the Indian Army to bid for the Complete Security Audit of the Data Network of
its Eastern Command at Kolkata
October 10 2002
Free Tools from NII
NII
announces the release of free tools such as NTCrack - an NT Password
Cracker, forceSQL - MS SQL Server Password Auditing Tool, DumpWin -
Information dumping tool for Windows like DumpACL, and ModCheck -
simple utility to check for Modems
September 02 2002
NII releases version 2.0 of AuditPro for Windows
Additional new features include Auto Emailing of Reports, Central Control of Audit, File Integrity Checks.
August 30 2002
NII announces release of AuditPro for Unix
August 29 2002
NII announces release of AuditPro for Windows
