Network Security Assessment

Client: Local Business
Skills: Security Assessment, Vulnerability Management, Penetration Testing

Requirement

Penetration Test and a Security Assessment of a large company

STANDARDS: PTES, SANS, PCI DSS, ISO 27001, NIST

PRIMARY SECTOR: Software

Based in Douglas IOM, they act for clients throughout IOM

Scope

Our stakeholder wanted us to perform network penetration testing from both external and internal perspectives. Internal testing assesses the security posture of the organisation's internal networks, whereas external testing assesses the security posture of its external networks.

INTERNAL TESTING: This testing process allows us to gain access to the internal network and then scan the target systems. We also have to remember that scanning important systems intensely must not cause them to crash, as many important processes may be connected to them.

EXTERNAL TESTING: In this testing process we use one IP address for each target. We use this IP address to perform our scans and to detect vulnerabilities. After identifying the vulnerabilities, we can also produce an OSINT report about the given target.

Discovery

  • We identified issues related to SSL, weak encryption, NTLM hashes that could be used to crack passwords, and default credentials for SMB login
  • Security patches for the operating system were missing
  • Identified the presence of Trojans and backdoors
  • Identified that unnecessary protocols were enabled
  • A few firewall rules were improperly configured
  • Identified suspicious files

Deliverables

DAILY STATUS REPORT:

The security assessment took two weeks, with daily updates about the identified issues and recommendations for fixes. The client then took our recommendations and fixed the issues as they came to light, making their final report easier to prepare.

 

SECURITY ASSESSMENT REPORT:

At the end of the security assessment, we had identified a number of vulnerabilities. We compiled a technical assessment report with proper proofs of concept and shared it securely with the customer.

Business Impact

REDUCED RISK: MCL has been able to reduce security risks by assessing the customer’s infrastructure vulnerabilities and recommending solutions for security enhancement.

 

COST SAVINGS: MCL provided cost-effective measures based on the customer’s business requirements that ensured security and continuity of the business.

 

CUSTOMER SATISFACTION: Host Level Security Penetration Testing was conducted to identify security vulnerabilities and impacts across customer systems, with minimum interruption and damage.

 

SUPPORT: We provide a year’s support with periodic security vulnerability scans.