Security Superheroes

By Team Digit | Published: 01 Apr 2005 | Last updated: 01 Apr 2005
When an educational institute claimed that its physically segregated virtual network for students, employees and administrators could not be penetrated, a handful of IIT graduates proved it wrong. Having only the privilege and rights a student is entitled to, the team accessed a guest account, entered the administrators' network, then the students' and finally the employees' network.

The team is from iViz Techno Solutions, a technology-driven products and solutions company conceived and based in IIT Kharagpur (IIT-K), West Bengal. iViz is a part of IIT-K's incubation programme, wherein graduates who would like to start a venture of their own are provided infrastructure support. The company provides managed security services, anti-spam consultancy, Web and database security assessment, forensics and data recovery.

The Pioneers
The duo behind iViz are just in their twenties, and they have their quirks. Bikash Barai, 23, has a penchant for unconventional magic tricks, and enjoys the works of Swami Vivekananda and Netaji Subhas Chandra Bose. Nilanjan De, 25, enjoys science fiction and is a confirmed night person.

Barai, head of business development at iViz, has always been deeply interested in anti-spam technology, network and wireless security, cognitive hacking and social engineering. He jointly holds several patents on anti-spam technologies. And so does De, now CTO of iViz. An electronics and electrical communication engineer from IIT-K, De is by now a known name in network security. 

The IIT Aura
Barai explains, "iViz stands for 'intelligent vision'. We conceptualised this company in late 2003 when I was in my third year B.Tech. in computer engineering and De was a GRA (Graduate Research Assistant) at IIT-K. We had a grand vision of making computing free from all security threats. We got our company incorporated as 'iViz Techno Solutions' in February 2004."

iViz has a full-fledged office on campus. Apart from Barai and De, the core technical team includes current IIT students Rudra Sinha Roy, an expert in penetration testing (see box on facing page), and Abhishek Dutta, a specialist in exploitation techniques. As of now, iViz has five full-time and 15 part-time employees and six consultants, all IIT-K alumni. Also, iViz' board of advisors has some of the most eminent educationists, professors and executives in India.

Teamwork At iViz
Team members keep up-to-date with the most recent exploits and vulnerabilities. They keep track of trends in intruder activities, analyse product vulnerabilities and malicious codes and record their research. De explains, "We develop customised security solutions based on our clients' needs. Our strength lies in penetration testing and security audit, and more so in exploitation development, vulnerability analysis and discovery." At the same time, De admits to having undertaken preliminary and at times not very challenging network security projects in order to sustain the company.

Managed Security Services
The cornerstone of iViz' security solutions is Managed Security Services (MSS), which enable 24 x 7 monitoring and management of network security infrastructures. MSS comprise security audit, penetration testing, vulnerability analysis, security implementation and policy design. Through iViz' security information management architecture, critical security issues can be identified; clients can be alerted of impending danger; and appropriate and effective response measures can be prepared.

"MSS is a set of services that start with the detection of vulnerabilities, followed by their elimination and then continuous maintenance of the system. Although most firms spend huge amounts on security, they end up building a house with strong iron doors and walls made of straw. MSS can equip them with robust security at a lesser cost," says Barai.

Looking Beyond Firewalls
Popular belief says that a firewall and an Intrusion Detection System (IDS) can keep an organisation safe. Not so, claims Barai. "In all the sensational hacking cases we have seen, the affected parties had firewalls and IDSes. We look beyond firewalls and IDSes to find vulnerabilities in the human and computer interface, one of the weakest links in the chain, which determines the effectiveness of security. We help organisations become secure from all known vulnerabilities."

Penetration Testing
A part of MSS, penetration testing is popularly known as ethical hacking. An established technique for the live testing of network security, penetration testing attempts to compromise a system, as a potential attacker would, to see what kind of information is actually divulged, thus determining the vulnerability of a system. It enables companies to receive a real-life vulnerability test of their security status.

We look beyond firewalls and IDSes to find vulnerabilities in the human and computer interface, one of the weakest links in the chain, which determines the effectiveness of security
Nilanjan De, Chief Technology Officer, iViz Techno Solutions

The iViz team has exposed several vulnerabilities and exploits that were hitherto unknown. "A valuable testing, auditing and evaluation tool, penetration testing can be conducted remotely over the Internet and does not require physical access to the premises or any privileged information such as usernames or passwords. It involves detection of vulnerabilities, their removal, and then, continuous maintenance of the system," says De. For a network with three to four servers and 100-odd users, the iViz team can complete penetration testing in three days.

Bramhastra To The Rescue
iViz has built a penetration testing tool called Bramhastra. "Bramhastra simulates an attack that can be launched by the worst possible malicious user. It tests the security of an organisation by actually breaking into the system, gives a report and suggests measures to correct the flaws and finally, it clears up all the traces of the test," reveals Barai and claims that Bramhastra can break into the toughest of networks.

Bramhastra is supposed to be able to break into the toughest of networks. New exploits are constantly added to keep Bramhastra updated. iViz claims to be the sole Indian company to have developed such a tool.

Network Security Jargon
Penetration Testing: Also called ethical hacking, it entails breaking into the security network of a system to assess its flaws
Vulnerability Analysis: Assess vulnerabilities of a system to security threats
Security Audit: Appraisal of the existing security framework of a company
Exploit Development: Exploiting existing vulnerabilities in a system in order to know all existing flaws in security

Blocking With Spam Walls
iViz also has a patented algorithm to detect spam that passes through conventional filters and is provably more efficient than other solutions such as 'Brightmail Anti-Spam Enterprise Edition', 'McAfee SpamKiller' and 'Postini Perimeter Manager'. 'Spam Wall' is a unique anti-spam solution from iViz that can be used for individual and server installations. It is a hardware-based filter that sits between the mail server and the Internet. Spam Wall is platform-independent, and one just has to plug-and-play. Once installed, it takes a week to resolve the spamming problem.

A major issue with existing anti-spam solutions is the large number of false positives returned (valid e-mails being stopped as spam). "With 'Spam Wall' we already ensure extremely low false positives. Hopefully, we will be able to guarantee zero false positives in a few months," assures Barai.    

The Road Ahead
iViz conducts its core research work and product development at IIT-K, and has a marketing and corporate presence in Kolkata and Texas, USA. Currently, iViz is looking for venture funding for further expansion. It has job openings for professionals with a deep knowledge of security fields and a zest for innovation.

iViz wants to make computing secure at an affordable price. Barai says, "We plan to market our products shortly. In fact, the beta versions are ready. However, we are not sure about marketing the Bramhastra, as it could be very dangerous if it falls into the wrong hands." The team will soon provide training on computer security.

"This is just the beginning and the best is yet to come," reflects De. With their grand vision of cordoning off the increasingly susceptible virtual space from anti-social elements, the students-turned-entrepreneurs of iViz Techno Solutions will have to keep up the good work.
