BUILD AND CONFIGURATION REVIEWS
An asset built to secure review guidelines has a significantly smaller attack surface early in its lifecycle. This proactive cyber security approach pays off for organisations in the long run, both by establishing security baselines and by reducing the number of incidents.
Let our secure configuration reviews help you set a secure baseline.
What is a Build and Configuration review?
A build and configuration review, also known as a secure configuration hardening review, assesses the underlying operating system and related components such as firmware and removable media interfaces against good security practice. Customers sometimes request that the review be performed against CIS, NIST or internal guidelines. This is a white box exercise performed with full knowledge of the system architecture.
A server with hardening gaps or misconfiguration issues can provide an easy route to a complete network compromise or to unauthorised access to sensitive data.
A weakly configured build not only adds vulnerabilities to the network; a rootkit or backdoor placed on the machine may also go undetected for months. This review identifies weaknesses in a configuration so you can remediate them in line with best practice.
Why do you need security hardening?
A proactive security strategy defines controls in a layered fashion, and it is always better to embed a security mindset early in the asset lifecycle. Few controls are as cheap and effective, or offer a better return on investment, than secure hardening reviews. Regular hardening assessments ensure that weak security settings, hardening issues and data protection weaknesses are identified early.
Before any new builds or network configurations are rolled into the production environment, it is important to release secure builds and to have the network configuration reviewed or validated so that the attack surface is kept to a minimum. A benchmarking process based on configuration security reviews ensures that vulnerabilities are reduced to a minimum at the start of the asset lifecycle. If your requirements cover your entire estate, read more about our full range of penetration testing services.
Benefits of Secure Configuration Review
Build and Configuration Reviews Methodology
A secure review assesses operating systems, databases, devices or network equipment. It consists of a configuration-gathering and analysis phase followed by reporting in the agreed format. Unlike a penetration test, which reviews security from the outside based on the running services, a build and configuration review examines a specific host's configuration, for instance mobile devices, network devices, firewall configuration or any other asset.
Our secure configuration reviews are aligned with best practice in each area, including the following secure hardening standards:
In general, the following areas are considered at a high level, and further test cases are added based on the exact asset and its functionality.
Security vulnerabilities across networking, security, telecommunications and other internal equipment, together with OS and endpoint vulnerabilities.
Group Policy allows administrators to define security policies for users and servers within the network. These policies are administered from a central location and apply only to the Windows operating system. Among other things, the policy settings typically enforce password settings, external media access, network-level access, patching schedules and application restrictions.
A group policy based on best practice helps to keep an organisation's network safer and minimises the window in which a threat actor could gain unauthorised access.
Logging and monitoring controls are reviewed to identify flaws in event collection, analysis and threat identification.
Full disk encryption is a cryptographic control that encrypts the entire hard drive, including data, files and software programs. If a device or server is stolen, or an attacker gains unauthorised physical access, the consequences for a company can be disastrous: without disk encryption, a threat actor could read sensitive information such as personally identifiable information (PII) or proprietary information stored on the device.
The BIOS or UEFI firmware of your network devices and servers offers the ability to set low-level passwords. These passwords prevent people from booting the server, booting from removable devices, or changing BIOS or UEFI settings without administrator permission.
Security vulnerabilities and threats are constantly evolving, growing in sophistication and changing in order to exploit new vulnerabilities and evade detection.
This is why you need to perform regular secure configuration reviews and security assessments to protect your network devices, device configuration, firewall configuration, security systems and mobile devices.
Authentication is a fundamental component of the cyber security controls for most assets.
Depending on our methodology and the scope of the engagement, we perform two types of password review: a password policy review, and a password cracking exercise followed by statistical analysis to identify the complexity and character patterns in use.
The vast majority of cyber attacks take advantage of known software and hardware vulnerabilities. Unpatched software, including the operating system (OS) and third-party applications, leaves servers exposed to malicious code. Software patching acts as defensive armour that repels attacks and protects your organisation against a range of exploits. This is tested during both penetration tests and build reviews.
Build Reviews - Server and laptop security configuration
For Windows and Linux server build reviews, we look for security weaknesses across the host's role (workstation, server or laptop), its underlying system components and its architecture.
The following areas are checked against best practice for the relevant assets:
- Operating Systems security review
- Account Lockout Policy
- Privilege Management
- Audit Policy
- User password policy
- Patch Management
- Logging and Monitoring
- Secondary services and configurations
- Insecure Service / File System Permissions
- Network security policies
- Network and Host firewall restrictions
- Software Restriction and Application Control Policies
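The checks listed above are usually run as scripted comparisons of a host's configuration against a baseline, with each deviation recorded as a finding (area, setting, observed value, expected value). The following is an added example, not the page's own tooling, of such a checker for four of the listed areas on a Linux host: password policy (`/etc/login.defs`), account lockout (`pam_faillock`'s `deny`), privilege management over SSH (`PermitRootLogin`, `PasswordAuthentication`) and file system permissions on sensitive files. The baseline thresholds and the sample configuration files are constructed assumptions for the example; they are illustrative and not quoted from CIS, NIST or any particular benchmark.

```python
"""Illustrative build-review checker (added example, not the page's own tooling).

Evaluates a few Linux hardening settings against an assumed baseline. All
inputs below are constructed samples embedded inline so the script runs
offline; on a real host the same functions would be fed the actual files."""

import re
from dataclasses import dataclass

# Assumed baseline thresholds for this example (illustrative, not from a benchmark).
MAX_PASSWORD_AGE_DAYS = 365
MIN_PASSWORD_LENGTH = 14
MAX_LOCKOUT_ATTEMPTS = 5
SENSITIVE_FILE_MAX_MODE = {  # most permissive mode the baseline allows
    "/etc/shadow": 0o640,
    "/etc/passwd": 0o644,
    "/root/.ssh/authorized_keys": 0o600,
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
"""
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
SAMPLE_FAILLOCK_CONF = """\
# deny = 0 disables lockout entirely
deny = 0
unlock_time = 900
"""
SAMPLE_FILE_MODES = {  # path -> permission bits as stat would report them
    "/etc/shadow": 0o640,
    "/etc/passwd": 0o644,
    "/root/.ssh/authorized_keys": 0o666,
}


@dataclass(frozen=True)
class Finding:
    area: str
    setting: str
    observed: str
    expected: str


def parse_settings(text):
    """Parse 'KEY VALUE' and 'key = value' lines; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def check_password_policy(settings):
    findings = []
    max_days = int(settings.get("PASS_MAX_DAYS", "99999"))  # absent means never expires
    if max_days > MAX_PASSWORD_AGE_DAYS:
        findings.append(Finding("Password policy", "PASS_MAX_DAYS", str(max_days), f"<= {MAX_PASSWORD_AGE_DAYS}"))
    min_len = int(settings.get("PASS_MIN_LEN", "0"))
    if min_len < MIN_PASSWORD_LENGTH:
        findings.append(Finding("Password policy", "PASS_MIN_LEN", str(min_len), f">= {MIN_PASSWORD_LENGTH}"))
    return findings


def check_account_lockout(settings):
    deny = int(settings.get("deny", "0"))  # pam_faillock: 0 means no lockout at all
    if deny == 0 or deny > MAX_LOCKOUT_ATTEMPTS:
        return [Finding("Account lockout", "deny", str(deny), f"1..{MAX_LOCKOUT_ATTEMPTS}")]
    return []


def check_ssh_privileges(settings):
    findings = []
    # OpenSSH defaults are assumed when a directive is absent from the file.
    for directive, default in (("PermitRootLogin", "prohibit-password"), ("PasswordAuthentication", "yes")):
        value = settings.get(directive, default)
        if value.lower() != "no":
            findings.append(Finding("Privilege management", directive, value, "no"))
    return findings


def check_file_permissions(modes):
    findings = []
    for path, max_mode in SENSITIVE_FILE_MAX_MODE.items():
        if path not in modes:
            continue
        perm = modes[path] & 0o777
        if perm & ~max_mode:  # any bit set beyond what the baseline allows
            findings.append(Finding("File system permissions", path, oct(perm), f"<= {oct(max_mode)}"))
    return findings


def review_host(login_defs, sshd_config, faillock_conf, file_modes):
    """Run every check and return the combined list of findings."""
    return (check_password_policy(parse_settings(login_defs))
            + check_account_lockout(parse_settings(faillock_conf))
            + check_ssh_privileges(parse_settings(sshd_config))
            + check_file_permissions(file_modes))


def render_report(findings):
    """One line per finding, in the area/setting/observed/expected shape a report table uses."""
    if not findings:
        return "No deviations from baseline."
    return "\n".join(f"[{f.area}] {f.setting}: observed {f.observed}, expected {f.expected}" for f in findings)


if __name__ == "__main__":
    print(render_report(review_host(SAMPLE_LOGIN_DEFS, SAMPLE_SSHD_CONFIG, SAMPLE_FAILLOCK_CONF, SAMPLE_FILE_MODES)))
```

Run as-is, the constructed sample host yields six findings (expiry and length in the password policy, lockout disabled, root and password logins permitted over SSH, and a world-writable `authorized_keys`). Each check returns structured `Finding` records rather than printing, so the same functions can feed a report template or be re-run after remediation to confirm the deviation has cleared.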