MCS’s consultation expert offer a number of assessment services branded in a variety of ways.
Each service type can provide varying degrees of security assurance.
Vulnerability assessment is a detailed study of the security infrastructure of an organization`s systems.
From a user workstation to the operating systems, databases, firewalls and Internet routers, a vulnerability assessment covers every piece of the information systems infrastructure in order to provide a comprehensive and consistent evaluation of the current state of the information security architecture.
MCS`s vulnerability assessment evaluations provide an in-depth technical security review of the hardware and software components supporting the technical infrastructure of an organization. To provide the best results, we use automated tools to assist in the evaluation process.
We also prepare comprehensive reports detailing the exposures identified, their corresponding associated risks, and a specific action plan for the remediation of the problems found. These security assessments are critical for the development of a tailored and cost-effective security program.
Statistically, most businesses will be hacked, sooner or later, either by individuals within the organization or by external hackers. The number of entry points into corporate networks is always increasing due to the use of e-commerce technologies, applications and technologies such as Wireless and Bluetooth.
Even after you have taken every possible measure to secure your network and applications, there is still the threat of social engineering to deal with. Through our penetration testing services, we can help identify, explain and simplify the various methods by which access can be gained to your information assets and also the potential impact of any such illicit access.
MCS`s penetration testing methodology provides a comprehensive assessment of exposures to both internal and external intrusions. These assessments provide detailed technical, procedural and strategic recommendations to enhance your organization`s security posture at the enterprise or product level.
A penetration-test is the process of actively evaluating your information security measures.
Note the emphasis on ‘active’ assessment; the information systems will be tested to find any security issues, as opposed to a solely theoretical or paper-based audit.
The results of the assessment will then be documented in a report, to help IT staff to take corrective strategies.
- Executive Report: A high-level snapshot of all activities and results.
- Activity Report: Providing details of all exploits executed on the target systems.
- Host Report: Containing detailed targeted and compromised host information.
- Vulnerability Report: Providing detailed reports on successfully exploited vulnerabilities on each target system.
- Delta Report: Tracking and comparing test results over time.
- PCI Report: Validating the results of Payment Card Industry (PCI)-approved vulnerability scanners.
Specifically, MCS`s security consultants can perform the following types of penetration tests:
• Network Penetration Tests
• Application Penetration Tests
• Social Engineering Tests
Network Penetration Tests:
Network penetration tests can be external or internal. An external penetration test examines the security posture of all systems that are accessible over the Internet.
On the other hand, an internal penetration test simulates attacks that may arise from within your organization either through a disgruntled employee or through an attacker who has been able to bypass your perimeter defenses.
Although the methodology used for any network penetration test is the same, it needs to be customized according to the needs of the client and the technology in use.
War-driving one of the techniques that we can use to provide a comprehensive security assessment.
War-driving is the act of discovering wireless access points that are part of your network.
Wireless technology is known to be vulnerable to certain types of attacks and hackers can use this as an entry point to gain unauthorized access.
By using war-driving tools and techniques, MCS professionals can evaluate the types of exploits that can be performed on the internal network upon gaining access to wireless access points.
Application Penetration Tests:
Application penetration tests can be used to test the security of both web-based and stand-alone applications.
This kind of testing can be used to identify vulnerabilities such as flow injections, buffer overflows and cross-site scripting.
It can also be used to detect issues such as improper error handling, insecure configuration management, credential pre-detection and file path abuse. Through our application penetration testing services, not only will we be able to pinpoint the risks that threaten the integrity of your organization`s critical data, but we will also help prioritize the risks.
Social Engineering Tests:
Why would a potential attacker spend hours trying to figure out your network infrastructure when they could accomplish that by simply tricking a few unsuspecting employees through e-mails, telephone calls or even in person?
The attacker could gather bits of information from each employee and the next thing you know, they have mapped out your network.
The attacker could find out what applications are being used, the naming scheme for users, and even some passwords from overzealous employees trying to help.
When developing a security program many organizations overlook the human aspect, which in most cases is the weakest link in any security infrastructure.
MCS can help you navigate the myriad of issues related to social engineering.
Our social engineering tests can help you mitigate the risk of social engineering and increase awareness in your organization.
Network and Application Penetration tests along with Social Engineering Tests, can thus be used to secure your information assets at different levels.
These tests can be customized to include technologies such as wireless and Bluetooth wherever necessary, thus providing for a comprehensive assessment of the security of your entire information infrastructure.