Network Penetration Testing
Our network penetration testing services identify, validate, and prioritize vulnerabilities on internal, internet facing, and cloud-based IT infrastructure.
Improve Network Security with Penetration Testing
Your attack surface is growing. Expert network security testing probes internal and external networks to identify vulnerabilities in protected systems across your cloud, network, and Internet of Things (IoT) environments. All of our network penetration test services also support compliance-based requirements such as PCI.
Internal Network Penetration Testing
During internal network penetration tests, NetSPI focuses on identifying high impact vulnerabilities found in systems, web applications, Active Directory configurations, network protocol configurations, and password management policies. Deliverables include attack narratives that illustrate how vulnerabilities can be used together in attack chains to have the greatest impact.
Internal network penetration tests often include network segmentation testing to determine if the controls isolating your crown jewels are sufficient.
During external network penetration tests, NetSPI will focus on identifying high impact vulnerabilities found in systems, web applications, and cloud environments exposed to the internet. Testing also includes identifying insecure federated service configurations, and sensitive data being stored in publicly accessible locations. Deliverables include attack narratives that illustrate how vulnerabilities can be used together in attack chains to have the greatest impact.
Wireless Penetration Testing
Wireless penetration testing identifies security issues in wireless devices and wireless networks that could be used to breach or damage a network. Our wireless security assessment delivers actionable guidance to improve wireless device security.
Host-Based Penetration Testing
Standard network penetration testing engagements may not provide compressive insights into the vulnerabilities that exist in your baseline system images and Citrix deployed desktops.
During host-based penetration tests, NetSPI performs a deep dive review of baseline workstation and server images used to deploy systems to the corporate environment. The service includes testing of system drive encryption, group policy configurations, patch levels, service configurations, user and group roles, third party software configurations, and more. It also includes a review of the systems and applications for common and known vulnerabilities. NetSPI supports host-based penetration testing of most Windows, Linux, z/OS, and MacOS variations.
Mainframe Penetration Testing
Finding mainframe security experts is a challenge. As a result, mainframes are often passed over during security reviews, which creates risk to some of the business’s most critical infrastructure. NetSPI has partnered with one of the world’s most qualified mainframe security experts to offer mainframe penetration testing that provides the coverage you need.
NetSPI’s mainframe penetration testing service will provide actionable guidance to improve your mainframe security from the perspective of both an unauthenticated and authenticated attacker.
As the number of remote workers increases it’s become more challenging to manage physical workstations. As a result, many companies provide remote desktop access through virtualization platforms like Citrix and VMware. Those platforms can make it easy for remote employees, partners, and vendors to access what they need without as much overhead cost and management. However, with the ease of access comes additional risks that don’t have to be considered for laptops not typically accessible from the internet.
During virtual desktop penetration tests, NetSPI will identify vulnerabilities that provide unauthorized access to the operating system through desktops published via virtualization platforms like Citrix and VMware. Additionally, NetSPI will review the system configuration to identify vulnerabilities that could be used to escalate privileges, pivot into the internal environment, or exfiltrate sensitive data.