Services

Network Penetration Testing

A Hybrid Approach

Throughout the network penetration testing process, automated, as well as comprehensive manual testing, will be used to identify all network and business-logic related vulnerabilities. At MainNerve, all of our security tests go beyond international standards such as NIST, and come with a detailed final report that includes an executive summary, a listing of risk ratings, remediation recommendations, and more.

Identify Network Vulnerabilities and Exposures

Throughout the network penetration testing process, automated, as well as comprehensive manual testing, will be used to identify all network and business-logic related vulnerabilities. At MainNerve, all of our security tests go beyond international standards such as NIST, and come with a detailed final report that includes an executive summary, a listing of risk ratings, remediation recommendations, and more.

Systematic Protection
Our Process

MainNerve ensures that all penetration testing follows the methodology defined in the NIST SP-115 for network and wireless penetration testing as well as OWASP for web application penetration testing. These methodologies ensure a clear, well defined approach to the testing of your infrastructure, applications and employees.

Planning

The planning stage of penetration testing will include regular communication with the client’s key points of contact to understand the overall scope of the project to include project objectives, rules of engagement and limitations.

Discovery

MainNerve will perform an extensive search for open source information using tools and techniques to gather information on the client with the explicit goal of identifying technical data about the external and/or internal network infrastructure for targeting.

Attack

Exploiting vulnerabilities using a blend of custom, open source, and commercial software tools to exploit vulnerable hosts with the explicit intention of accessing sensitive information, establishing a persistent presence on the system, and exploiting the trusts of related systems.

Reporting

Considered the most critical step in penetration testing, our reports communicate all penetration test findings in a comprehensive and clear report to the client.

Looking for a First-Class
Cybersecurity Expert?
Discover internal and external security gaps through safely, and expertly, simulated attacks on your network.
Social Engineering
Scams
Spear Phishing

Spear phishing is a highly-targeted form of attack. Spear phishers use carefully crafted emails alongside social engineering tactics to convince individuals to both open and engage with the email.

Consumer Phishing

Consumer phishing is a type of attack in which a criminal sends a deceptive email that appears to come from a respected brand. This is usually done in order to gain individual account credentials.

Data Breach

Data breaches are frequently the result of intrusions caused by credential theft or the installation of malware. This is in turn fueled by social engineering and identify deception techniques.

Ransomware

Ransomware is a form of malware that infects the computers of its victims. From there, content is encrypted, and the victim is required to pay a ransom in order to regain access to their content.

Email Compromise

Email compromisation, or Business Email Compromise (BEC), is a sophisticated email attack in which a criminal sends a victim’s emails to an organization’s employees. It’s also known as CEO fraud.

Identifying Vulnerabilities for
Customized Recommendations
Port Mapping

Identify the ports open on each device.

System Identification

Identify the name and location of systems on the network, as well as, the operating system and any running services.

Known Vulnerability Analysis

Check for well-known vulnerabilities that can exist in web servers, FTP servers, DNS servers, etc.

Service Mapping

Test for the operating system and services running on each exposed system.

Unauthorized Access to Sensitive Data

Attempt to access and retrieve sensitive data from targeted systems by exploiting application or operating system vulnerabilities.

Firewall Probing

Probe firewall for open ports or services.

Active Defense Evasion

Methods to evade or obfuscate the ability of active defenses (like intrusion prevention systems) to properly prevent known attack techniques.

Internet Mapping

Enumerate the network’s relationship and exposure to the Internet, including DNS and host name (domain name) registration information.

Essential Steps
Advantages to Penetration Testing
uu

Evaluate the effectiveness of your security measures

UU

Identify vulnerabilities in your IT architecture

dd

Exercise security team procedures and policies

Test cyber incident response measures

NN

Sustain compliance requirements

Establish a baseline for additional security screenings

Lorem Ipsum
Value-Add Services
Network Penetration Testing

Network penetration testing assists with the identification and examination of vulnerabilities for external, Internet-facing and internal, intranet systems. A network pen test will help determine whether an attack can exploit and compromise targeted systems. Take the next step to improving your business’ security with a network pen test.

Compliance Solutions

MainNerve’s compliance solutions are designed to help fill one of the biggest challenges for businesses: staying in alignment with the exhaustive list of Governance, Risk Management, and Compliance (GRC) requirements. From PCI DSS and HIPAA, to CJIS and FINRA, MainNerve can help your business navigate the GRC landscape with specialized penetration tests.

Web App Penetration Testing

Web application penetration testing is designed to assess and test the state of your web-facing applications, and provide actionable remediation recommendations for enhancing your security. Ensure that your web applications are protected from malicious cyber threat actors. MainNerve web app pen tests are designed to review all types of web servers.

Want to Learn More?

Lorem Ipsum
Security Risk Assessment

As threats to computer systems grow more complex and sophisticated, risk assessments are an important tool for organizations to rely on as part of a comprehensive risk management program. This security risk assessment will help the customer to:

  • Determine the most appropriate risk responses to ongoing cyber-attacks.
  • Guide investment strategies and decisions for the most effective cyber defenses to help protect your organizational operations (including missions, functions, image and reputation), organizational assets, and employees.
  • Maintain ongoing situational awareness of the security state of your organization’s information systems and the environments in which those systems operate.

The risk assessment methodology and approach will be conducted using the guidelines in NIST SP 800-30, “Risk Management Guide for Information Technology Systems.” The assessment is broad in scope and evaluates security vulnerabilities affecting confidentiality, integrity, and availability of information. The assessment report will recommend appropriate security safeguards, permitting customer management to make knowledge-based decisions about security-related initiatives. MainNerve will hold regular status meetings with key personnel to report on progress, discuss any issues that may have been identified, and solicit feedback and guidance related to the engagement. This will ensure that all interested parties are well informed as work progresses and any issues requiring immediate attention or further validation are promptly addressed. The following controls are assessed:

  • Administrative Safeguards: This information includes policies and procedures revolving around the administrative side of protecting networks and resources. These policies and procedures may include information about termination procedures and requirements, when training is conducted, sanction policies, etc.
  • Physical Safeguards: This section assess the policies and procedures used to protect the physical networks and resources. These safeguards might include locks on doors to server rooms, how access to said server rooms is granted, and who has the authority to grant access.
  • Technical Safeguards: This information gathered in this sections allows MainNerve to determine how well the networks and resources are protected technically and virtually. This will include procedures on allowing employees access to specific data required to do their jobs, information about encryption, anti-virus and anti-malware software, as well as information gleaned during the vulnerability scan and penetration test.

MainNerve will hold regular status meetings with key personnel to report on progress, discuss any issues that may have been identified, and solicit feedback and guidance related to the engagement. This will ensure that all interested parties are well informed as work progresses and any issues requiring immediate attention or further validation are promptly addressed.

Gap Analysis

MainNerve will interview key personnel identified by the customer either by questionnaire or phone and perform document reviews in accordance with NIST SP800-30. Document reviews will provide the MainNerve risk assessment team with the basis on which to evaluate compliance with policies and procedures in order to ultimately identify potential shortfalls in the administrative, technical, and/or physical security posture.

Deliverables (Excluded from Gap Analysis)

The following deliverables may be provided as part of the engagement depending upon services chosen:

  • Gap analysis results that include risk rating and assessment of items such as: physical safeguards, network resources inventoried, data protection measures, log monitoring and auditing.
  • *Risk ratings results based on interview or questionnaire (High, Medium, Low, Risk number)
  • *The final report will provide information on current assessment and findings of customers’ security posture, recommended remediation and a description of potential risk due to non-remediation.
  • *A “Crosswalk to Security” report will also be provided to assist customer in how to develop a plan to mitigate risk. The findings will be presented as a strategic “Crosswalk” in the form of recommendations only. These recommendations are intended to assist the customer’s security posture. This includes items such as: recommended security roles, how to evaluate key security policies and controls ongoing, control implementation guidelines and internal review processes.
  • Remediation recommendations.

The deliverables will be provided to the customer via secure e-mail or through a secure website as mutually agreed. All final deliverables are shared only with the customer approved representatives.