Our assessment reports provide a detailed and comprehensive analysis of a system’s vulnerabilities. They also detail how to mitigate those issues, including recommendations for patching, hardening, or locking down specific systems where needed. The goal is not only to identify problem areas that need addressing but also to provide solutions.
External Penetration Testing Services
Milli Micro Systems’ external penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data, which can range from devices mistakenly exposed to the internet (DMZ) to timestamps or response codes that give information to an attacker.
Internal Penetration Testing Services
Milli Micro Systems’ internal tests simulate an attack by a malicious insider. Note that this isn’t necessarily simulating a rogue employee; it could be assumed that an employee’s credentials were stolen due to a phishing attack. Once a malicious user is inside the network, they are able to fingerprint all the devices connected and begin to search for privilege escalation vulnerabilities and other means of becoming an administrator on the systems. Once that has been established, the attacker has all the resources and privileges required to exfiltrate critical information.
Physical Infrastructure Penetration Testing Services
Milli Micro Systems’ physical penetration testing targets the physical infrastructure of your facilities. Our testing includes (but is not limited to): fire alarms, smoke detectors, piggybacking, exploiting security kiosks, bypassing mantraps, exploiting electrical locks, and assessing security staff. This form of service is highly customized to fit the customer’s facility layout and needs.
Web Application Penetration Testing
Milli Micro Systems’ web application penetration testing service will scan for various vulnerabilities, error handling, access control, authentication bypasses, data protection, API and web service flaws, and excessive logging.
Wireless Network Assessment and Penetration Testing
Milli Micro Systems’ network assessment and penetration testing will perform a full cross-analysis of all virtual local area networks (VLANs) and verify that resources are properly segmented with adequate access controls. MMS will test for 802.1X network authentication misconfigurations, other misconfigurations, and unpatched or vulnerable end-of-life (EOL) networking hardware.
Network Configuration Review
Milli Micro Systems’ network configuration review will include an examination of network topology and audit of firewall configurations.
Server Configuration and Active Directory Group Policy Reviews
Milli Micro Systems’ reviews of server configuration and Active Directory Group Policy are focused on detecting and addressing flaws in logic and permissions. We will perform a full review of all group permissions to ensure your organization adheres to the principle of least privilege to the greatest extent possible without hindering productivity.
Review of Patch Management Practices and Log Configuration
Milli Micro Systems’ review of patch management practices will help your organization adhere to NIST patch management guidelines set forth in SP 800-40r4 (April 2022). MMS’ security log configuration recommendations follow the principles included in the scope of NIST SP 800-92 (September 2006). A major point of interest when auditing organizations with hardware from multiple vendors is log normalization. In addition to normalization, we will review log storage, analysis, disposal and parsing methodologies at a high level.
Need more information? Contact Us