Media information

OneConsult GmbH opens branch in Lyon (France)

Thalwil/Lyon, 18 March 2008

The Swiss security consulting company OneConsult GmbH opens French branch in Lyon under direction of Fabien Dombard.

The internationally operating IT security- and strategic consulting specialist OneConsult GmbH opened in May 2007 its branch in Vienna and founded in June its subsidiary OneConsult Deutschland GmbH located in Neu-Ulm. The pleasant growth lead to the next milestone: the opening of a first office outside the DACH region. Last Friday OneConsult opened its French branch in Lyon to enter the French language region. This step strengthens OneConsult's presence in the EU.

Mister Fabien Dombard is the manager of the French office and is in charge for the continuous growth in the French language region. He has been working for OneConsult since 2007 as a security consultant with special focus on technical audits, security aspects of new communication technologies, databases and VoIP networks.

Media information in pdf format (in German)

Announcement

Swiss Infosec 2007

OSSTMM für GRC – ein ideales Paar

Martin Rutishauser (OneConsult) discusses in his speech systematic technical security audits in accordance with the de-facto standard OSSTMM (Open Source Security Testing Methodology Manual) with special focus on governance, risk and compliance.

Further information and registration (in German)

Computerworld - HELPDESK IT-Security

So gleisen Sie Security Audits effizient auf

Article by Christoph Baumgartner (OneConsult) about organisational and technical security audits.

Security Fachtagung

Technische Audits - State of the Art nach OSSTMM

Christoph Baumgartner (OneConsult) discusses in his speech systematic technical security audits in accordance with the de-facto standard OSSTMM (Open Source Security Testing Methodology Manual).

Media information

OneConsult GmbH founds subsidiary in Germany

Thalwil/Neu-Ulm, 26 June 2007

The Swiss security consulting expert OneConsult GmbH founds OneConsult Deutschland GmbH under direction of Holger Gerlach.

The IT security- and strategic consulting specialist OneConsult GmbH founded its subsidiary OneConsult Deutschland GmbH located in Neu-Ulm on 21 June 2007. The manager and person in charge for the stable growth is Holger Gerlach, representing OneConsult GmbH in Germany since May 2006.

Holger Gerlach (35), is IT security specialist since 1996 and has extensive experience as a project manager and consultant specialized in IT security management. He is a licensed IT-Grundschutz auditor and certified data protection officer in the information technology department of the federal office for security (Bundesamt für Sicherheit, BSI).

His first employee who will start on 1 July as a consultant is Jakob Pietzka, M. Sc. in «Advanced Computer Science», graduated computer scientist (UAS) and IT professional since 1999. He has worked for an international IT group and in the research department of one of the biggest automotive manufacturers for 2.5 years, already then using the OSSTMM. Jakob Pietzka's strengths are automated software testing, security testing and secure software engineering. He is an expert in network technologies, Linux systems and IT security.

The reason for the foundation of OneConsult Deutschland GmbH is to meet the demand of various major enterprises to have a local presence of OneConsult in Germany, and to follow the logical consequence of a continuous international growth strategy, states OneConsult-CEO Christoph Baumgartner.

Media information in pdf format (in German)

Computerworld - HELPDESK IT-Security

Rootkits: Sichtung des Unsichtbaren

Article by Simon Wepfer (OneConsult) on rootkits, their characteristics and how to detect them.

netzwoche - it-security

Schweizer IT-Sicherheitsanbieter sind reif für die Konsolidierung

Article by Jonas Grossniklaus (netzwoche) on the situation in the Swiss it security industry in which OneConsult's opinion is stated.

Media information

OneConsult GmbH becomes partner of ISECOM

Thalwil / Barcelona, 1 June 2007

Swiss OSSTMM Pionier OneConsult to become accredited training partner of ISECOM

ISECOM's (www.isecom.org) Open Source Security Testing Methodology Manual (OSSTMM) defines a free methodology for planning, conducting and documenting technical security audits and shows the security level of the target as a numerical value. The methodology is compatible with ISO/IEC 2700x, IT Grundschutzhandbuch (baseline security), ITIL, Basel II and SOX, etc. and the German Bundesamt für Sicherheit in der Informationstechnik (BSI) recommends the OSSTMM for technical audits.

OneConsult and its employees conducted projects in accordance with the OSSTMM since 2002 making OneConsult an OSSTMM pioneer in Switzerland and based on the number of projects a leading company in the German language region.

OneConsult is an ISECOM Licensed Auditor (ILA), Gold Level since autumn 2006. The ISECOM Partner Status allows OneConsult, to conduct trainings for the ISECOM certification types OSSTMM Professional Security Tester (OPST), OSSTMM Professional Security Analyst (OPSA), OSSTMM Professional Security Expert (OPSE), OSSTMM Wireless Security Expert (OWSE) and Hacker Highschool Teacher (HHST).

CEO and owner Christoph Baumgartner, an ISECOM Core Team member, names this partnership a milestone in the strategic cooperation with ISECOM. Especially, since this training authorisation completes the OSSTMM-related service portfolio of OneConsult.

Media information in pdf format (in German)

Media information

OneConsult GmbH broadens management team and opens Austria branch in Vienna

Thalwil / Vienna, 22 May 2007

Martin Rutishauser, former Branch Manager and Senior Consultant at the IT security supplier OneConsult joins the management team as Director Training.

With Christoph Baumgartner, CEO and Simon Wepfer, CTO, Martin Rutishauser takes on responsibility in the management team as Director Training with immediate effect. He will be in charge for the future training portfolio to be enhanced in the future and still manages the Berne office.

OneConsult opened branch in vienna before Whitsun.

IT security and strategic consultancy specialist OneConsult GmbH today opened the branch Austria in Vienna in the Twin Tower. CEO Christoph Baumgartner reasons the move with the increased demand for OneConsult services in foreign countries and as a logical extension of the company's international growth strategy.

Media information in pdf format (in German)

Computerworld - HELPDESK IT-Security

Sicherheit für Datenbanken von Oracle

Article by Martin Rutishauser (OneConsult) about the (in-)security of Oracle databases and appropriate hardening measures.

hakin9

Interview with the CEO of OneConsult

Christoph Baumgartner (OneConsult) talks about OneConsult, OSSTMM, their progress and other trends in the IT-scene.

Computerworld - HELPDESK IT-Security

RAV: Securityniveau als Zahlenwert

Article by Christoph Baumgartner (OneConsult) about security metrics specified by the OSSTMM.

Press information

OneConsult GmbH Strengthens its Consulting Team

Thalwil, 2 April 2007 - Fabien Dombard strengthens the security auditing team of OneConsult GmbH

The internationally active Swiss consulting company OneConsult GmbH streghtens its consulting team. Fabien Dombard joined the consulting team in Berne as a Consultant at the beginning of March.

Fabien Dombard has been working in IT since 2000. Before joining OneConsult, Fabien worked for several IT service providers. He has project and consultancy experience in the field of security, with a particular emphasis on technical security audits. His specialist areas are penetration testing, reverse engineering, VoIP technology and security, and the development of security tools and exploits. Fabien has conducted several OSSTMM-compliant security audits and will be OSSTMM-certified shortly.

Computerworld - Praxis / Test

Freier Analytiker fürs Netzwerk

Article by Simon Wepfer (OneConsult) on the packet generator and analysis tool Hping.

Computerworld VoIP-Konferenz 2007

Wie man VoIP sicher betreibt (Presentation accompanying the speech in pdf format)

Martin Rutishauser (OneConsult) gives a brief introduction to the security aspects of VoIP technologies.

Computerworld - Produkte / IT-Security

Security-Testing - Selbst ist der Hacker

Review of the Kompaktseminar 'Hacking für Sicherheitsbeauftragte' by Jens Stark (Computerworld).

hakin9 - Abwehrmethoden

Technische Security Audits nach OSSTMM

Article by Christoph Baumgartner (OneConsult), Pete Herzog (ISECOM) & Martin Rutishauser (OneConsult) on using the Open Source Security Testing Methodology Manual (OSSTMM).

Computerworld - HELPDESK IT-Security

Portscanning: Guck' mal, wer da spricht!

Article by Martin Rutishauser (OneConsult) about Portscanning.

Press information

OneConsult GmbH Strengthens its Consulting Team

Thalwil, 13 February 2007 - Balz Walther strengthens the team of OneConsult GmbH

The internationally active Swiss consulting company OneConsult GmbH streghtens its consulting team. Balz Walther joined the consulting team in Berne as a Senior Consultant at the beginning of February.

Balz Walther startet his career as a mechanic and came to the IT sector as a professional audio and sound engineer in the year 1997, when he was responsible for big networks in international companies. He could deepen his experience in system adminsitration, network security and software distribution. Balz Walther worked in recent years as (sub) project manager for large enterprises and knows the problems of major IT projects. He adopted his security know-how in client projects and consequent training in the fields of network and host security. Balz Walther has a sound knowledge in project management ICT, Microsoft Windows, firewalls, networks, as well as application integration and software distribution.

Computerworld - IT Security HELPDESK

Protokoll Tunneling: Wolf im Schafspelz

Article by Christoph Baumgartner (OneConsult) on protocol tunneling techniques and suitable counter measures.

Press information

OneConsult GmbH Strengthens its Administrational and Sales Team

Thalwil, 8 February 2007 - Miriam Wepfer strengthens the team of OneConsult GmbH

Miriam Wepfer started her career in 1988 at a renowned cash register and host systems manufacturer and gained further administrative experience with a major Swiss bank. 1998 she joined one of Switzerland’s most established event companies as sales and marketing agent and further educated her self in this area. Since 2000 she has led her own company (since her employment with OneConsult, part-time only) as well as acting as project manager and consultant in various corporate events. Miriam Wepfer is an experienced marketing advisor with excellent communication skills.

COMPUTERWOCHE

Herausforderung IT-Grundschutz

Article by Holger Gerlach (OneConsult) about Baseline Security and the way to implement it.

Computerworld - IT-Security / Produkte

Neue Kompaktseminar-Reihe: Security für IT-Profis

Article by Jörg Rothweiler (Computerworld) about the trainings offered by OneConsult and ISPIN in cooperation with Computerworld.

Computerworld Online

Was ist OSSTMM?

Online article by David Witassek (Computerworld) about OSSTMM in which OneConsult is mentioned as Swiss OSSTMM pioneer.

New OSSTMM (Open Source Security Testing Methodology Manual) Release, Version 2.2

OSSTMM 2.2 (Open Source Security Testing Methodology Manual) is the latest release for auditors, penetration testers, ethical hackers, and the like. With OSSTMM 3.0 still in peer review and undergoing many edits for clarity, ISECOM decided to update the current 2.11 with the reviewed research to make immediate and necessary improvements to the current security testing standard. The improvements are based on new research like Error Types committed during tests and Test Types which breaks down black box, white box, and gray box tests into 6 categories. The biggest addition however is the security metrics which allow for a realistic calculation of security operations. The manual is also much cleaner to make it more presentable for those who like to present it to their executive management or even their customers.

The OSSTMM can be downloaded for free on ISECOM's website.

New training opportunities: Computerworld Kompaktseminare

In 2007 we offer intensive one day-lasting trainings named «Computerworld Kompaktseminare» to various topics in cooperation with IDG Communications AG (= owner of the publication Computerworld). The course instructors belong to OneConsult's staff. The courses are customized to the requirements of IT Security Officers. You can find further information in the advertisement and/or on IDG's event portal.

SWISS INFOSEC 2006

Life-Demo: Wireless? Mit Sicherheit! (Presentation accompanying the speech in pdf format)

Martin Rutishauser (OneConsult) discusses in his speech the security of wireless technologies.

Computerworld - Finance Forum / Fokus

Cybercrime: Wie man sich davor schützt

Article by Christoph Baumgartner (OneConsult) und Marco Marchesi (ISPIN AG) on cybercrime and appropriate measures.

SWISS INFOSEC 2006

Security Audits nach OSSTMM - Transparenz und Vergleichbarkeit dank Normenkonformität (Presentation accompanying the speech in pdf format)

Christoph Baumgartner (OneConsult) discusses in his speech systematic technical security audits in accordance with OSSTMM (Open Source Security Testing Methodology Manual).

Computerworld - IT Security HELPDESK

Compilierter Code unter der Lupe

Article by Simon Wepfer (OneConsult) on application reverse engineering.

Website expanded

We have listed new security tools in the download section.

Website expanded

Website Expanded

We have expanded our website to meet the requirements of our International clients. The key changes are:

• English language support
• New official service: Computer Forensics: Our staff has performed several projects in this area in recent years - but we did not promote it yet.

We would like to thank everybody who offered their comments and suggestions.

OneConsult enters into Strategic Partnership with ISPIN

Thalwil / Bassersdorf, 4 October 2006 - OneConsult GmbH and ISPIN AG join their forces and enter strategic partnership. Both IT-security specialists are going to work together in the future on a project base. ISPIN brings in its broad knowledge of organizational security and OneConsult brings in its competence in the field of technical audits.

OneConsult became a known spezialist in the fields of comprehensive technical security audits in accordance with OSSTMM (Open Source Security Testing Methodology Manual) and similar services in recent years. ISPIN can access these competences in future projects and broaden and deepen its know-how in the OSSTMM compliant technical audit area like penetration test, ethical hacking and applications security audit and system hardening.

In return OneConsult benefits of ISPIN's longtime experience in the area of organizational security like ISMS (Information Security Management Systems), BCM, crisis management, OpRisk Management, ControlR), technical security (security infrastructure architectures, web entry security, secure e-mail, secure authentication service, IAM (Indenty and Access Management, mobile security and vulnerability management) as well as legal consulting services.

The clients of both companies should benefit from this cooperation because it allows both ISPIN and OneConsult to offer comprehensive security services in a competent, thoroughgoing, and modular manner.

Press information in pdf format (in German)

Computerworld Conference - Mobile & Wireless '06: Technopark Zurich

Wireless - aber sicher (Presentation accompanying the speech as a pdf file)

Martin Rutishauser (OneConsult) gives a brief introduction to the various technologies (wireless LAN, Bluetooth, wireless) and then highlights some of the main risks and the security measures that can be taken to deal with them. The topics addressed include bugging, identity and data theft as well as encryption vulnerabilities. Finally, he presents two concise summaries of his recommendations for business and private users of wireless technologies.

Computerworld - IT Security HELPDESK

BCM leicht(er) gemacht

Article by Christoph Baumgartner (OneConsult) on Business Continuity Management (BCM).

Computerworld - News / Online

Tools und Tipps für Sicherheitstester

Article by Alina Huber (Computerworld) on Computerworld's 'Hackertools blog' that is maintained by OneConsult. Contains comments by Christoph Baumgartner (OneConsult).

Computerworld - IT Security HELPDESK

(Un-)Sicherheit von Passwörtern

Article by Martin Rutishauser (OneConsult) on the secure - and insecure - use of passwords.

Press information

OneConsult GmbH enters into Strategic Partnership with GPP AG

Thalwil/Oberhaching, 29 August 2006 - OneConsult consolidates its public sector distribution position in Germany through a strategic partnership with GPP

IT security and strategic consulting specialist OneConsult GmbH and the German system and consultancy firm GPP AG, which works with industry and the public sector, have entered into a strategic partnership.

The move complements GPP's IT security services portfolio, particularly in the area of technical audits (penetration tests, ethical hacking and application security audits in accordance with OSSTMM). For OneConsult, the strategic partnership is designed to provide an entry into public projects in Germany.

OneConsult CEO Christoph Baumgartner sees this collaboration as a logical extension of the company's international growth strategy, while for GPP, it is an opportunity to grow further by expanding its areas of activity.

Press information in pdf format (in German)

Computerworld - NEWS

Vista Beta 2: Eine Baustelle

Article by Claudia Bardola (Computerworld) on the security of Microsoft Vista 2, with comments by Simon Wepfer (OneConsult).

Computerworld - IT Security HELPDESK

VPN - So funktionierts ohne Risiko

Article by Oliver Gruskovnjak (OneConsult) on secure VPN configuration.

Information / Computerworld - NEWS

OneConsult Maintains 'Hackertools' blog at www.computerworld.ch

Thalwil/Zurich, 23 June 2006 - OneConsult, in association with the weekly IT magazine COMPUTERWORLD, presents security tools in its 'Hackertools' blog.

Computerworld, together with IT security specialists OneConsult, is to publish a regular blog highlighting new hacking tools and their undocumented functions. Published at www.computerworld.ch/blogs/hackertools, the blog is not intended to encourage hacking; rather, it is a place where security professionals can demonstrate the aids they use to carry out IT vulnerability tests. The blog also aims to show how hackers can use powerful tools that are freely available on the Internet to gain access to sensitive information and cause serious damage at the touch of a button, unless effective countermeasures are implemented. Hacking or cracking is a criminal offence in Switzerland unless it is conducted with the express approval of the owner and operator of the system being investigated. 'Testing' third-party systems without written consent is therefore forbidden.

The first entry in the blog presents the functionalities of the Unicornscan port scanner. This OSSTMM-compliant tool can carry out high-performance tests on large address areas and reliably identify the services lying behind them.

Original article from Computerworld (in German)

Computerworld - IT Security HELPDESK

IDS - Big Brother is helping you

Article by Oliver Gruskovnjak (OneConsult) on intrusion detection systems (IDS).

Computerworld - IT Security HELPDESK

Fallenstellen mit System

Article by Oliver Gruskovnjak (OneConsult) on honeynets / honeypots.

Computerworld - IT Security HELPDESK

Löschen und was übrig bleibt

Article by Simon Wepfer (OneConsult) on secure and insecure ways of deleting/wiping files.

Press information

OneConsult GmbH Opens Office in Berne and Expands Consultant Team

Thalwil/Berne, 3 June 2006 - OneConsult opens office in Berne headed by Martin Rutishauser and welcomes Oliver Gruskovnjak to its team of consultants

IT security and strategic consultancy specialist OneConsult GmbH is opening an office in Berne. It will be managed by Martin Rutishauser, supported by Oliver Gruskovnjak, who has been a consultant with OneConsult since the start of June. The move is a response to increased demand for OneConsult services in the Berne area and a sharper focus on public administration.

Oliver Gruskovnjak is 21 and has been involved in IT since 1999. He previously worked at a major federal administration IT service provider, where he was responsible for the development and maintenance of Linux/Unix systems. He has been working in IT security since 2002. Oliver Gruskovnjak's special areas are host security, penetration testing, network security, system hardening, security tools and IDS/IPS. He is a certified OSSTMM Professional Security Tester (OPST).

CEO Christoph Baumgartner values Oliver Gruskovnjak's specialist and interpersonal skills and sees the expansion in the Berne area as part of the company's growth strategy.

Press information in pdf format (in German)

Computerworld - IT Security HELPDESK

Sicherheitsüberprüfungen mit System

Article by Martin Rutishauser (OneConsult) on security testing in accordance with OSSTMM (Open Source Security Testing Methodology Manual).

Computerworld - IT Security HELPDESK

Kabellose Keyboards sind Zeitbomben

Article by Martin Rutishauser (OneConsult) on the security aspects of wireless keyboards.

Press information

OneConsult GmbH Opens Representative Office in Germany

Thalwil/Neu-Ulm, 8 May 2006 - OneConsult is opening a representative office in Germany headed by Holger Gerlach

IT security and strategic consultancy specialist OneConsult GmbH is opening a representative office in the German town of Neu-Ulm. Holger Gerlach has been appointed to manage and build up the office. The move is a response to increased demand for OneConsult services in southern Germany.

Holger Gerlach is 34 and has been working in IT security since 1996. He has extensive experience as a project manager and consultant specializing in IT security management. He is a data protection auditor licensed by the German Federal Office of Information Technology Security (BSI) and a certified data protection auditor. Holger Gerlach works in this capacity for a range of international companies.

CEO Christoph Baumgartner sees the expansion in south Germany as part of the company's growth strategy.

Press information in pdf format (in German)

Press information

OneConsult GmbH Strengthens its Consulting Team

Thalwil, 5 May 2006 - Martin Rutishauser strengthens the consulting team at OneConsult GmbH

Martin Rutishauser has been a Senior Consultant at IT security and strategic consultancy specialist OneConsult GmbH since the beginning of May 2006. In his previous function at a Berne-based consulting company, he was a lead security auditor/lead security analyst. Prior to that, he worked as an IT security officer at the Swiss federal administration. Martin Rutishauser is 30 years old and an ISECOM (Institute for Security and Open Methodologies, www.isecom.org) certified OSSTMM trainer, OSSTMM Professional Security Tester (OPST) and OSSTMM Professional Security Analyst (OPSA). He has also completed the postgraduate diploma in data protection and IT security at the Lucerne University of Applied Sciences and Arts.

CEO Christoph Baumgartner sees the appointment of Martin Rutishauser as a logical extension of the strategic focus on OSSTMM/ISECOM and values Martin Rutishauser's technical and interpersonal skills.

Press information in pdf format (in German)

COMPUTERWOCHE

Open-Source-Tools prüfen IT-Sicherheit

Article by Simon Wepfer (OneConsult) on security testing using open source tools and open source methods (OSSTMM).

Computerworld - IT Security HELPDESK

Der Weg zum professionellen Security-Tester

Article by Christoph Baumgartner (OneConsult) on the requirements for aspiring security testers and technical auditors, and the various education and training options available.

04/05/06

EUROFORUM SecurITy Forum 2006

Application Security Audits - Applikationen auf den Zahn gefühlt (Presentation accompanying the speech in pdf format)

In his speech, Christoph Baumgartner (OneConsult) discusses integrated application security testing, using a practical example to highlight the technical, organizational and financial aspects and offer recommendations.

Computerworld - IT Security HELPDESK

Kommunikation via Instant Messaging

Article by Simon Wepfer (OneConsult) on problems and solutions in connection with instant messaging.

03/17/06

New website

Website Overhauled and Expanded

The layout of our website has been virtually unchanged since 2003. Now, we have overhauled and expanded it to meet growing requirements. The key changes are:

• Jobs: Details of career opportunities at OneConsult.
• News: Full details of news and developments linked to OneConsult.
• Publications: Due to the large number of publications from OneConsult, these are now only available in pdf format (and not, as previously, in HTML).

We would like to thank everybody who offered their comments and suggestions. OneConsult will be expanding in the weeks and months ahead, and our website will be growing too. Watch this space!

Computerworld - IT Security HELPDESK

Webapps vor SQL-Injection geschützt

Article by Simon Wepfer (OneConsult) on protecting against attacks on database-supported web applications.

Computerworld - IT Security HELPDESK

Mit System zur IT-Sicherheitsrichtlinie

Article by Christoph Baumgartner (OneConsult) on creating IT security guidelines using existing documentation.

HIS software roundtable on Compliance

Security Testing nach OSSTMM (Presentation accompanying the speech in pdf format)

Christoph Baumgartner (OneConsult) discusses systematic technical security testing in accordance with OSSTMM (Open Source Security Testing Methodology Manual).