Research & Technologie-Evaluation

Research is the foundation of our knowledge leadership. The intent of this work is to unveil security flaws and vulnerabilities in protocols, technologies and products. Some findings derive from design-flaws, some from poor implementation on a technical level. In these cases we communicate the vulnerabilities to our clients and/or the manufacturer and assist in the development of a solution of the problem (e.g. patches) and as soon as a patch is available we publish advisories (ERNW Newsletter).

The Research-Team uses a variety of techniques: (legal) Reverse Engineering, Code Audits, Sniffing, Fault Injection.

Our current research topics are:

  • Virtualization Security
  • Lotus Notes/Domino Security
  • Log Compliance Tools
  • IPSec - new technologies and interoperability
  • SNMP
  • Network Admission Control (NAC)
  • Thin Client Security
  • Industrial Networks
  • Embedded Devices
  • Data Loss Protection

Howto: Hardening Cisco Access Points
In this document a basic hardening methodology for Cisco Access Points (of the 1200 series, most steps should apply to others as well) is described. [More]
Security Testing
Testing IT security is one of the core competences of ERNW. Many of our customers get their IT infrastructure and (Web) applications checked on a regular basis. This may either be done on a very technical level in terms of penetration testing or in a more formal way in terms of general security audits, during which we verify the IT Security Compliance of your company compared to best practices according to ISO17799/ISO27001 ... [More]
Research & Technology-Evaluation
Research is the foundation of our Know-How leadership. The objections of this work is to unveil security flaws and vulnerabilities in protocols, technologies and products. Some findings derive from design-flaws, some from poor implementation on a technical level.... [More]