
Others

Madison Gurkha performs high-profile projects for large organizations (quoted on the stock market). On this page you will find some examples of projects. References can be provided in the final stages of the decision-making process of hiring Madison Gurkha.

Healthcare organization

Project: Black Box Audit IT infrastructure
Technology: Dial-In modem

For this organization Madison Gurkha did extensive research on technical security risks regarding external connections to the outside world. This organization, which takes IT security very seriously, had its technical security very well organized, until Madison Gurkha investigated the Dial-In connection. This Dial-In connection was, as in many companies, used to let administrators gain access to the network in case of emergencies. The authentication for that particular connection was enforced in the client rather than on the modem. By using another client, Madison Gurkha could easily gain access to the modem and therefore the entire network. After we reported our findings, the organization took the necessary measures to solve the risks of this internet connection.

Well-known web shop

Project: Crystal Box application audit with Code inspection
Technology: Java in combination with Websphere

A well-known Dutch web shop had fully rebuilt its internet presence. Because this extensive rebuild might introduce considerable IT security risks, the client asked us to perform a Crystal Box Security Audit with code inspection. During an audit like this we "play around" with the application to find risks and inspect the source code to quickly find areas of risk. By combining the application and the source code, we are able to work extremely efficiently and find risks which would otherwise remain undiscovered. In this case we found, well hidden, a couple of high risks which would have allowed customers to purchase goods through other people's bank accounts. The web shop has of course fixed this very interesting feature before any malicious users could make use of it.

International retailer

Project: Security Awareness
Technology: -

This very large globally operating retailer wanted to make its IT and staff employees more aware of information security risks. Therefore this company started a security awareness campaign. Madison Gurkha has advised the company about the important outlines of this campaign and we also provided many security awareness sessions in several countries. During these sessions we caught a lot of people’s attention, and were able to share our enthusiasm for information security and IT security with them.

Insurance Company

Project: Social Engineering
Technology: -

This insurance company was curious to know if it would be hard to gain unauthorized physical access to the main office without physically breaking in. It took some perseverance and inventiveness, but all three planned social engineering scenarios proved successful. The "guest speaker in a hurry" was very convincing to the receptionist, who immediately gave him a badge and pointed him to the meeting room. Once inside, our consultant could easily gain access to the back door that leads to the smokers' area, which was located outside the office. Through that outside door, two other consultants found their way in as well by following some employees who were heading inside after their cigarette break. The last scenario, "the elevator mechanic", also worked well. With a nice pair of overalls, a fake elevator certification sticker and a toolbox, our "mechanic" had no problem whatsoever gaining access to the elevators, which in turn led to the offices. The results of this Social Engineering attack are used in our Security Awareness sessions.

In another audit for the same insurance company, Madison Gurkha investigated the vulnerability of the internal network. Like many internal networks, this network proved to be very vulnerable as well. The combination of poor access security and a vulnerable internal network leads to intolerable risks. It should be clear that a lot of effort has been put into solving these risks.


