
Information Security Consultancy Services

 

Risk Assessment
SSR-i can provide Risk Assessment reports which document the likelihood of a threat materializing due to vulnerabilities in a system. By understanding system risks, organizations can make sound business decisions in the face of harsh and dynamically changing markets. SSR-i works with clients in order to clearly present how the technical risks can impact their business.

Project Management
SSR-i has a track record of implementing security solutions effectively and efficiently, tailored to the client's needs. SSR-i uses MoD compliant Systems Engineering Standards, and fully appreciates the human element in producing a successful outcome in projects.

Secure Systems Design & Architecture
Establishing a safe and secure system solution by creating a system architecture which meets the organization's business objectives, and designing the system based on the architectural requirements. Throughout the process Information Security is kept at the forefront by defining surface areas for avenues of attack and establishing threat models based on the system specification.

Implementation Services
Seamlessly embedding technology and process into your organization, to satisfy business needs.

Information Security Audit
Providing a high-level or granular low-level audit against the organization's own policies or industry best practices, as well as technical assessments such as vulnerability tests on the organization's systems.

 

Strategic Consulting
SSR-i can establish a framework that bridges the skills gap to attain the corporate goals of creating a secure enterprise, with personal development plans set within the organization, resulting in individual prescriptive training plans.

Wireless Security Assessment
SSR-i offers its clients a detailed assessment of the organization's susceptibility to wireless attacks. The assessment is comprehensive, detailing not just weaknesses in WiFi but in GSM as well, and the impact on the availability of services dependent on wireless security.

Web Application Testing
SSR-i fully appreciates the loss of reputation and public confidence an attack on an organization’s website could cause. A company’s website can provide a bountiful harvest of information to an attacker, and it is in many cases a gateway into the system. SSR-i provides detailed web testing services to its clients.

Training supply and support
To help you get started with the training, we provide our Authorized Technical Training Centers with qualified trainers who are able to deliver the curricula for the materials we provide, whether it is to help you manage peak demands so that you can maximize your profit opportunity or simply to fill in for holidays.

Security Awareness
Aimed at general customer bases and seasoned security professionals.

Booking trainers
The trainers are fully authorized by SSR-i and carry the accreditation from the vendors to deliver these courses. To book a trainer, simply contact us and confirm the training dates you require. We have trained and vetted the trainers for quality and competency to deliver our curricula to the highest standards.

Room set up for courses
SSR-i support staff will assist you in setting up the courses you require. Whether it is assistance via the telephone or setting up venues on site, we can provide that critical expertise when you need it.

Trainer Authorization Programme
If you are an ATC, we can train your trainers to authorized level. If you are a freelance trainer and want to deliver these courses for our ATC partners, then contact us and we will guide you through the process.

Custom Courses
SSR-i can tailor courses to suit your business needs.

 


Corporate Headquarters
5 Heath Road
Weybridge
Surrey
KT13 8SX

Tel: 0845 430 9981
Fax: 0845 430 9982

Business Hours:
9 AM - 5 PM GMT
Mon - Fri

Customer Support:
customer@ssr-i.com


Certified Ethical Hacker Specialist ™ (CEHS™) - 5 Day



 

CPTS

Certified Pen Testing Specialist™ (CPTS™) - 5 Day


 

CPTE

Certified Penetration Testing Expert™ (CPTE™) - 5 Day


 

CDFE

Certified Digital Forensics Examiner ™ (CDFE™) - 5 Day


 

 

Vista Forensics Examiner™ (VFE™) - 2 Day


 

 

IP3

Certified Information Systems Security Professional™ (CISSP™)


 

 


Courseware

 


Welcome to our store

Below is a list of our available certification courseware from Mile2® and IP3®.

 

 


Penetration Tests

Penetration tests provide a detailed report on a system's vulnerabilities and the organization's exposure to Information Security threats. These tests do not simply emulate an attack on the system, but rather try to find every possible avenue for compromising a system. An attack needs to be successful only once, but a system has to be secure all the time.

An attack on an organization's system can be devastating. The damage caused can infringe upon the company's compliance and legal obligations, impact a company's ability to continue trading, hurt the organisation's reputation, and disclose confidential information such as trade secrets.

Depending on the organisation's requirements, SSR-i's methodology may contain, but is not limited to, the following stages:

Information Gathering and Network mapping

SSR-i will gather information about the target system. Footprinting techniques will be deployed to gather any valuable information which is publicly available that would aid an attack. Once enough data has been gathered, Firewall/IDS/IPS evasion and exploitation will be applied on the perimeter network, identifying valuable targets present and network devices that might be of interest.

Service Enumeration

Enumeration involves gathering information about the services that are run on the system and those of individual targets. This stage reveals services and protocols which are exploitable.

Vulnerability Assessment

Manual and automated procedures will be used in order to assess the system and its services for known vulnerabilities, misconfiguration errors and the robustness of the system against attacks on availability. SSR-i will also check for false positives in the assessment.

System Exploitation

SSR-i will use the Vulnerability Assessment Report to determine which attacks are possible, based on the potential vulnerabilities that can be exploited. This stage will show the extent of the exposures and their impacts on the system: the information that can be disclosed or altered, and the services that can be disrupted.

Deliverable Documentation

SSR-i will deliver a formal report which includes a high-level summary, a risk mitigation table detailing the results of the assessment, a detailed description of each issue, and mitigation controls.

 

Penetration Testing Techniques

  • Active attempts to retrieve corporate email, phone calls, instant messages, account lists, passwords, accounting records, intellectual property
  • Firewall/IDS/IPS evasion and exploitation
  • Remote access compromise (VPN, PBX, War Dialing)
  • Client side exploitation
  • Phishing attacks / Social Engineering
  • Untrusted media insertion (USB dongle/CD attack)
  • Wireless key cracking (WPA, LEAP, WEP)


Computer Forensics Services

SSR-i provides many computer forensics services, from bespoke training courses to Expert Witness Testimony.

Digital Forensics Training Courses


Computer Forensics was developed by U.S. federal law enforcement agents during the mid to late 1980s to meet the challenges of “white-collar” crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline.

The Digital Forensics Courses were designed to train “Computer Crime Investigators” whereby delegates are taught electronic discovery and advanced investigative techniques. These courses are essential to anyone encountering digital evidence while conducting an investigation.

 

Digital Forensics Analysis

SSR-i provides its clients with a Digital Forensics lab for the analysis of digital evidence. Upon receiving the evidence, SSR-i is able to aid an organisation with its investigation and provide it with the proof it needs.

Digital forensics requires an in-depth understanding of what information can be collected from a system, how the information can be collected in a manner that is admissible in a court of law, and detailed documentation which satisfies the investigation's requirements. It also requires a deep technical knowledge of many aspects of the computer system, from the underlying hardware to the artifacts left on Operating Systems and their corresponding file systems and storage mediums. SSR-i’s digital forensic examiners will accurately analyze digital data from almost any computer system, regardless of attempts to delete, hide or destroy the information.

Cold Boot Acquisition and Analysis

 

Expert Witness Testimony

SSR-i provides to its clients expert witness testimony for cases dealing with digital evidence.

Digital forensics requires an in-depth understanding of what information can be collected from a system, how the information can be collected in a manner that is admissible in a court of law, and detailed documentation which satisfies the investigation's requirements. It also requires a deep technical knowledge of many aspects of the computer system, from the operating system ISA to computer architecture and hardware design. SSR-i’s digital forensic examiners will accurately analyze digital data from almost any computer system, regardless of attempts to delete, hide or destroy the information.

The experience and professionalism of a Digital Forensics Examiner plays a vital role in a legal case. The Courts have strict regulations with regard to the admissibility of Digital evidence.

Today many court cases have been won with the help of Digital Evidence, as the use of electronic devices has become increasingly pervasive in our daily lives.

The Digital Forensics Examiners at SSR-i are well versed in the legal issues and the prudence required in collecting digital evidence which is admissible in court, from chain of custody to legal advice. Our comprehensive understanding of Information Security, Incident Response experience, and training sets SSR-i apart.

 

 


CEHS Five Day Course Outline

Security Fundamentals

  • Introduction - Current State of Information Security
  • Information Security Fundamentals
  • Protocols
    • TCP/IP Introduction
    • ARP
    • ICMP
    • TCP/UDP
    • Application Layer Protocols
      • DNS
      • SSH
      • SNMP
      • SMTP
  • Access Controls
    • Operating Systems Access Control
      • Unix
      • OS X
      • Windows
    • Hardware Access Control
    • Middleware Access Control
  • Attack and Defense on the Network
    • Vulnerabilities in Networks
    • Defence Against Attacks
      • Configuration & patch management
      • Firewalls
      • IDS
      • Security protocols
  • Cryptography
    • Symmetric Cryptography
    • Asymmetric Cryptography
    • One Way Functions
    • Security Protocols
    • Public Key Infrastructure
    • Cryptographic Vulnerabilities and attacks
  • The Economics, Law and Terrorism in Information Security
    • Incentives & Motivations in Security
    • Weakest link Vs. Sum of Effort Security
    • Differences in Data Protection between US and Europe
    • Lock-in and the price of information
    • Information Security and the Law

Hacking Life Cycle

  • Reconnaissance
    • Foot-printing
    • Social Engineering
  • Scanning
    • Live Systems Scan
    • Port Scan
    • Service Scan
    • Enumeration
  • Gaining Access
    • Client Side Attacks
    • Exotic Attacks
    • Physical Access Attacks
    • Exploit Frameworks
  • Maintaining Access
    • Back Doors
    • Bind/Reverse Shell
    • Meterpreter
  • Covering Tracks
    • Counter Forensics
    • Evading Audit Logs

Hacking Attack Vectors

  • Malware
    • Trojan Horses
    • Back Doors
    • Rootkits
    • Viruses
    • Worms
  • Buffer Overflows
    • Stack Overflow
    • Heap Overflow
    • Buffer Overflow Counter Measures
  • Password Cracking Attacks
  • Denial Of Service
  • IDS Evasion
  • Eavesdropping
    • Man-in-the-Middle Attacks
    • VOIP
    • Session Hijacking

Hacking on the Web - OWASP

  • Attacks Against Web-Servers
    • Webserver Operation
    • Flaws in Webservers
    • Web Enterprise Architectures
    • Web Sub-Components
  • Attacks Against Web-Sites
    • Authentication Mechanisms
    • Verbose Error Messages
    • Information Gathering on Web Mark-up
    • Cross Site Scripting
    • Session Handling Errors
    • Web Site Structure Discovery
    • Parameter Manipulation
    • Directory Traversal
  • Attacks Against Web-Applications
    • Web-Application Reconnaissance
    • Application Fuzzing
    • Injection Attacks
      • SQL Injection
      • CGI Injection
      • LDAP Injection
      • XML Injection
    • CRLF Attacks
  • Attacks against Databases
    • SQL Injection
    • SQL Password Brute Forcing

Hacking Mobile Devices

  • GSM
    • Eavesdropping in GSM
    • TIMSI Catchers
  • GPS
    • GPS Fundamentals
    • GPS Jamming
    • War Driving
    • Hacking GPS Firmware
    • GPS Diagnostics
  • Wifi
    • Wifi Protocols
      • 802.11x
      • WEP
      • WPA
      • LEAP
    • WiFi Weaknesses
      • DOS Attacks
      • Eavesdropping
      • Protocol Weaknesses
        • WEP, WPA, LEAP
        • Rogue AP
        • Hidden Node Problem
  • RFID
    • RFID Systems
    • RFID Attacks
      • RFID Collisions
  • Bluetooth
    • Bluetooth Attacks
      • Man-in-the-Middle
      • BlueSpam
      • Bluejacking
    • Weakness in Bluetooth Authentication
  • Mobile Devices
    • Mobile Platforms
      • Palm OS
      • iPhone OS X
      • Windows Mobile
      • Symbian
      • Linux
      • Android
      • BlackBerry
    • Attack Surface Area
      • Infrared
      • USB
      • Wireless
      • Bluetooth MMS
      • SMS
      • Applications
    • BlackBerry Attacks
    • PDA Attacks
    • iPhone/iPod Attacks
    • Attacks using USB Devices
      • Dumping RAM using Cold Boot Attacks
      • Escalation of Privileges
      • Keyboard logging
      • Malware

The CEHS is the most comprehensive 5-day Ethical Hacking course there is: intense, cohesive, multifaceted and easy to follow. For every subject in the CEHS course, the theoretical and technical knowledge is explained to the delegates, with important case studies and examples to highlight its significance, then demonstrated by the instructor, followed by labs to cement their understanding of these security issues.

  • From the start, the course spends little time on lengthy introductions and instead spends the first day on the technical background of Information security, complete with labs and demonstrations in order for the delegates to understand the rest of the course.
  • The second day will follow a complete attack on a network, from information gathering all the way to covering tracks and slipping away.
  • The third day will cover the majority of avenues of attack, such as buffer overflows and malware, enabling the delegates to fully understand and appreciate the attack surface area of their systems.
  • The fourth day focuses on Web Vulnerabilities. Our course closely follows developments by OWASP and the web community and details them enough for delegates to have an understanding of the major failures in websites.
  • On the final day of the course, delegates will be introduced to the latest attack surface area on an organization’s system: mobile and wireless devices. In many cases mobile devices act as a covert channel, a medium to transfer more malware, and most importantly they are often the weakest link in the chain.
