Network Penetration Testing
Assess the effectiveness of your security controls through the manual analysis of your internal and external networks.
Discover internal and external security gaps through safe, expertly simulated attacks on your network.
Network Penetration Testing: A Hybrid Approach
Throughout the network penetration testing process, both automated and comprehensive manual testing are used to identify all network and business-logic related vulnerabilities. At MainNerve, all of our security tests go beyond international standards such as NIST and come with a detailed final report that includes an executive summary, a listing of risk ratings, remediation recommendations, and more.
Identify Network Vulnerabilities and Exposures
MainNerve network penetration testing is designed to test your IT systems and uncover potential exposures within your network just as an attacker would: by hacking it. Our expert penetration testing truly simulates the attacks of a real-world hacker and includes specialized vulnerability assessments, automated scans, and manual techniques that all work together to reduce false positives and identify security gaps within your internal and external networks.
To identify and recommend safeguards, MainNerve will employ the following:
Identify the name and location of systems on the network, as well as the operating system and any running services.
Identify the ports open on each device.
Test for the operating system and services running on each exposed system.
Enumerate the network’s relationship and exposure to the Internet, including DNS and host name (domain name) registration information.
Unauthorized Access to Sensitive Data
Attempt to access and retrieve sensitive data from targeted systems by exploiting application or operating system vulnerabilities.
Probe firewall for open ports or services.
Known Vulnerability Analysis
Check for well-known vulnerabilities that can exist in web servers, FTP servers, DNS servers, etc.
Active Defense Evasion
Use evasion and obfuscation methods to test whether active defenses (like intrusion prevention systems) properly prevent known attack techniques.
THE MAINNERVE PROCESS
Upon approval of a project, the MainNerve team will schedule a kickoff call to discuss key areas in the rules of engagement, such as methodology and testing techniques, compliance requirements, testing times, and points of contact. The phases listed below describe the key actions taken throughout the network penetration testing process.
The planning stage of penetration testing will include regular communication with key points of contact. The following items will be developed during this phase: (1) contact information and procedures for all phases; (2) types of systems to be tested (e.g. servers, workstations, mobile devices); (3) rules of engagement.
MainNerve will perform extensive network host discovery, service discovery, and enumeration. This involves gathering and analyzing information available via the Internet. MainNerve gathers data from the organization’s websites, public databases, and social networks with the explicit goal of identifying technical data about the external and/or internal network infrastructure for targeting.
The attack phase is where exploitation of any vulnerability and/or misconfiguration occurs. MainNerve will use ethical hacking techniques to penetrate vulnerable systems. MainNerve will try to exploit vulnerabilities using a blend of custom, open source, and commercial software tools. MainNerve employs a “target of opportunity” approach wherein MainNerve exploits a vulnerable host with the explicit intention of accessing sensitive information, establishing a persistent presence on the system, and exploiting the trusts of related systems.
At MainNerve, we consider the final phase of the network penetration testing process, reporting, to be the most crucial and instrumental step. During this phase, we take great care to ensure we effectively communicate the value of our service and findings as thoroughly as possible. Our main goal is to ensure that all information from the network pen test is clearly understood and that a roadmap toward remediation/mitigation is well defined. A comprehensive final report detailing all testing information along with an executive summary is securely delivered during this step.
Web App Penetration Testing
Web application penetration testing is designed to assess and test the state of your web-facing applications and provide actionable remediation recommendations for enhancing your security for both your customers and users. This testing ensures that your applications will meet the security demands of your internal policies and customer assessment requirements. API testing can also be performed when required.
MainNerve’s compliance services and security alerting solutions are designed to help address one of the biggest challenges for businesses: staying in alignment with the exhaustive list of Governance, Risk Management, and Compliance (GRC) requirements. From PCI DSS and HIPAA to CJIS and FINRA, MainNerve can help your business navigate this landscape through our dedicated and hands-on approach to determining your business needs.
Social engineering, in the context of information security, is commonly defined as the use of persuasion and/or manipulation techniques to influence people into performing actions or divulging confidential information. Ensure that your business is secure by testing and evaluating your employees, facilities, and infrastructure against phishing and physical attacks. MainNerve’s unique background in working with Special Operations gives us a distinct competitive edge.