Our Services
ICS / SCADA Security
Cyber attacks have replaced terrorism as the primary security threat to critical infrastructure...
 
CyberNoesis, with its extensive experience and expertise in securing SCADA and Critical Infrastructure Systems and Networks, has developed proven methodologies for conducting penetration testing and vulnerability assessments safely on production control systems as well as testbed/sandbox systems. We specialize in helping industrial clients achieve compliance with CFATS, EG2, NERC SIP, NIST 800-53 rev3 and other regulatory frameworks that impact mission critical systems. Our core service areas are:
 
  • Security Assessments
  • Architecture Review / Design
  • Monitoring
  • Incident Management
 
Being a "vendor neutral" company, CyberNoesis is in a position to effectively and objectively determine the remediation measures most appropriate for its clients, taking into consideration their business objectives and threat exposure.
Core Telecom Networks Security
The technological and operating standards on which modern telecom/mobile networks are based, dates back to the SS7 standard which was developed in the 1970s. At that time, safety protocols involved physical security of hosts and communication channels, making it impossible to obtain access to an SS7 network through a remote unauthorized host. In the early 21st century, a set of signaling transport protocols called SIGTRAN were developed. SIGTRAN is an extension to SS7 that allows the use of IP networks for the transfer of messages. However, even with these new specifications, security vulnerabilities within SS7 protocols remained.
 
As a result, a malicious assailant is able to send, intercept and alter SS7 messages by executing various attacks against mobile networks and their subscribers.
 
CyberNoesis has developed methodologies to assist its clients in the following areas: 
 
  • Infrastructure Protection
  • Radio Access
  • OSS/BSS
  • SS7/SIGTRAN
  • VAS/MSS
  • Review of security settings around key network elements (HLR/AUC, MSC, IN, GGSN/SGSN, SS7 etc)
  • Security review of interfaces with VAS and OSS/BSS elements 
  • Review of network segregation
  • Encryption & ciphering standards
  • Organisational review of security strategy and management
  • Security incident reporting & escalation practices
     
Telecommunications today, rely on technologies that were developed decades ago, when security was not really a concern...