MCS was designed from the outset to deliver a secure network testing platform, out of the box, with no reliance on external web servers, no public database APIs, and solid-state hardware that has no operating system to compromise.
Most web-hosted applications rely on commercial web servers like Apache or IIS. Every vulnerability in those platforms becomes your vulnerability. MCS eliminates this dependency entirely by running its own built-in web server with a custom Web Application Firewall.
The MCS WAF uses a whitelist-only approval process. Instead of trying to block known threats (and missing new ones), MCS only allows explicitly approved requests. Everything else is rejected and audited. This inverts the traditional security model and is far more resilient to emerging and zero-day threats.
The MCS WAF provides built-in protection against common web application attack vectors. No additional security software or configuration required.
Whitelist validation prevents injection of malicious scripts through request parameters or input fields.
Request validation ensures actions originate from legitimate sessions within the MCS framework.
No server-side scripting engine (PHP, ASP, etc.) to exploit. MCS does not execute user-supplied code in any form.
Recursive file syntax exploits (../../ attacks) are blocked. The whitelist only permits known, valid URL patterns.
URLs that don't match the whitelist policy are rejected immediately. No file discovery, no directory enumeration.
MCS does not allow uploading or execution of binary files through the web interface. The attack vector simply does not exist.
NCS satellites are designed as secure points-of-presence that can be deployed in public networks, customer environments, and untrusted locations without introducing risk.
Solid-state appliances with no operating system, no file system, and no executables. They cannot be infected with malware, cannot be used as a pivot point, and cannot be compromised through OS-level vulnerabilities. Safe for deployment in any environment.
Operate without underlying file system access for minimal data threat exposure. No persistent test data is stored on the host. Software satellites restrict access to OS data assets and communicate only with your MCS server. While file penetration risks are mitigated, the security of the host OS itself remains the responsibility of the platform administrator.
NCS I-points and E-points do not store or maintain any persistent data. All test results flow exclusively to the MCS management server. There is nothing on a satellite device to exfiltrate, encrypt, or hold ransom.
The MCS approach to data privacy starts with a simple principle: don't collect data you don't need. MCS measures network performance metrics. It does not inspect packet contents, capture user data, or store sensitive information.
By eliminating external web servers, commercial OS requirements on hardware satellites, and persistent data on endpoints, MCS reduces both the attack surface and the cost of maintaining it.
Solid-state satellites have no operating system. No Windows updates, no Linux kernel patches, no zero-day exposure. They just run.
No Apache, IIS, or Nginx to configure, harden, or keep current. The built-in web engine is maintained as part of MCS itself.
Deploy hardware satellites in customer private networks with confidence. No OS to compromise, no data at rest, no risk to the host environment.
The whitelist-based WAF framework enables rapid adaptation to new attack patterns. The extensible policy engine updates with each MCS release.
