Build And Configuration Reviews

An asset following secure review guidelines leads to a significant decrease in attack surface early in the asset lifecycle. This proactive cyber security approach adopted by the business company helps in the extra mile, both by establishing security baselines and lesser incidents.

Let our secure configuration security reviews help you set a secure baseline.

Discuss Your Security Concerns

Get in touch

No salesy newsletters. View our privacy policy.
Group 2
Group 4
Group 7
Group 1
Group 3
Group 5
Group 8
Group 9
Group 10
Group 11
BOOK A CALL

What is a Build and Configuration review?

A build and configuration review, also known as a secure configuration hardening review, involves reviewing the underlying Operating System and related components such as firmware, removable media interfaces in line with good security practices.

At times, customers request such reviews in comparison with CIS, NIST or internal guidelines. This is a white box pen test exercise performed to fully deliver knowledge of the system infrastructure.

A server with a lack of hardening or misconfiguration issues could provide a point on an easy route in developing network compromise or unauthorised access to sensitive details.

A weakly configured infrastructure may not only add vulnerabilities to the network, but a rootkit or a backdoor configured into the machine may go undetected for months.

This review helps to fill and discuss identifying weaknesses in a configuration to help you remediate issues in line with best practices.

to do list a49b 768x526 1

Why do you need security hardening ?

A proactive security strategy defines controls in layered fashion. It is always better to embed security mindset early in the asset lifecycle. There is no cheaper, effective and better ROI than secure hardening reviews. Regular security hardening assessments ensure weak security settings, hardening issues and data protection weaknesses are identified early. 

Before any new builds o network configurations are rolled into the production environment, it is important to release secure builds and provide for network configuration review or security validation to keep the attack surface to a minimum.

Having a configuration security review based benchmarking process in place ensures that vulnerabilities are reduced to minimum at the start of the asset lifecycle. Should your requirements mean looking around entire estate, read more about our full range of penetration testing services.

Domain names re 0uun 768x496 1

Benefits of Secure Configuration Review

  • Protect your assets early in the asset lifecycle
  • Follow a proactive approach to cyber security best practice
  • Demonstrate security by design mindset to your business and supply chain
  • Service quality underpins everything we do
  • One time reviews improve your internal build methodology
  • PCI DSS, ISO 27001, GDPR Compliance support
System Hardening Checklist

How to reduce your attack surface with system hardening

Contact Us Today!

See what people are saying about us

Stephen Rapicano
Stephen Rapicano
August 14, 2023
google reviews logo
5 out of 5
A totally professional engagement from start to finish with the highest quality advice and guidance.
Thank you for taking time to leave this feedback, we appreciate your support.
John Blackburn (CaptainJJB)
John Blackburn (CaptainJJB)
August 14, 2023
google reviews logo
5 out of 5
great experienced team, very knowledgable and helpful, willing to adjust the product to suit the customer. Would recommend.
Thank you for your time towards this feedback and continued support.
A A
A A
August 17, 2023
google reviews logo
5 out of 5
The service provided by Cyphere is second to none. High quality testing services. Very reliable and professional approach.
Another five-star review! Thank you for your support and for making our day brighter!
Lee Walsh
Lee Walsh
August 21, 2023
google reviews logo
5 out of 5
Cyphere provide a personal and assured service, focusing on both pre and post analysis in supporting us to change and embed a security cultured approach.
Holistic review just like the holistic cyber approach, thank you for the review.
Luc Sidebotham
Luc Sidebotham
August 17, 2023
google reviews logo
5 out of 5
Highly recommend Cyphere for pen testing. The recommendations in the report were comprehensive and communicated so that technical and non-technical members of the team could follow them.
Thank you so much for your glowing five-star feedback! We greatly appreciate your recommendation of Cyphere for pen testing.
mike Dunleavy
mike Dunleavy
August 31, 2023
google reviews logo
5 out of 5
Harman and the team at Cyphere truly are experts in their field and provide an outstanding service! Always going above and beyond to exceed customer expectations, i honestly cant recommend them enough.
Thank you, Mike, for the 🌟feedback, shall pass these kind words to Harman !
Mo Basher
Mo Basher
August 12, 2023
google reviews logo
5 out of 5
We had penetration tests service for PCI DSS compliance program from the Cyphere! Very professional, efficient communication, great findings that improved our system security posture! Highly recommended!
Thank you for the stellar five-star review! We're over the moon with happiness, just like a rocket fueled by your kind words.
Dan Cartwright
Dan Cartwright
August 14, 2023
google reviews logo
5 out of 5
Cyphere were great in both carrying out our penetration testing and taking us through the results and remediation steps. We would gladly use them for future projects.
Your five-star feedback has us doing a victory dance! We're as thrilled as a penguin sliding down an icy slope. Thank you, Dan, for waddling along with our business and leaving such a fantastic review!
nigel gildea
nigel gildea
September 4, 2023
google reviews logo
5 out of 5
I’ve worked with Cyphere on a number of penetration tests in addition to some cyber essentials support and certification! I’ve found them to be highly skilled and professional. They have consistently understood and met our project requirements and added value to the programme!
Glad you have positive feedback about our security compliance and technical risk offerings. Thank you.
James Anderson
James Anderson
August 14, 2023
google reviews logo
5 out of 5
Cyphere undertook pen testing for us recently. The process was very smooth, and the team were flexible in working around our constraints. The report was clear, actionable and perceptive. I would happily recommend their services.
Holy guacamole! Thank you for being an awesome customer and for brightening our day.
Adil Jain
Adil Jain
August 14, 2023
google reviews logo
5 out of 5
Cypher has been outstanding partner to our agency. I've tried many in the past but they have been extremely meticulous in getting our systems secured. Top class service, we will be working with them for many moons.
Wow, you've granted us the ultimate high-five with your amazing five-star review. Thanks for making us feel like rockstars!
Shaban Khan
Shaban Khan
August 23, 2023
google reviews logo
5 out of 5
Cypher has been an excellent partner and helped us achieve our goals with a great level of expertise, communication and helpfulness making the whole process easy to understand and complete. Well recommended and look forward to working with them again. We highly recommend cyber security consultants to any business.
Thank you for the glowing feedback.
Rajeev Kundalia
Rajeev Kundalia
September 16, 2023
google reviews logo
5 out of 5
I recently had the pleasure of collaborating with Harman for a comprehensive PEN Test through his company, Cyphere. From our first interaction, it was clear that Harman embodies the very definition of an expert in the field of cybersecurity. His vast reservoir of knowledge and exceptional skill set became apparent as he navigated through complex security landscapes with ease and precision. Harman's remarkable ability to convey intricate details in a comprehensible manner made the process seamless and extremely enlightening. His dedication to providing top-notch service was evident in every step, ensuring not only the success of the project but also fostering a sense of security and trust in our collaboration. Working with Harman was nothing short of a fantastic experience. His bright intellect and professional approach to his work were genuinely awe-inspiring. What stood out the most was his genuine passion for his field, reflected in his meticulous approach and the innovative strategies implemented throughout the project. Not only is Harman a maestro in his field, but he's also an incredible person to work with - a true professional who takes the time to understand his client's needs and exceeds expectations at every turn. His vibrant personality and enthusiasm make working with him an absolute joy, fostering a collaborative environment where ideas flow seamlessly. If you are looking for someone who embodies expertise, professionalism, and a personable approach, then Harman and his company, Cyphere, should be your go-to. I couldn't recommend their services more highly. A true beacon of excellence in the cybersecurity landscape!
Tobi Jacob
Tobi Jacob
July 10, 2023
google reviews logo
5 out of 5
I had an amazing experience working with Cyphere! Their communication was top-notch, making the entire process smooth and efficient. From the initial contact to the final result, they were always prompt in getting back to me. I found their team to be incredibly responsive and attentive to my needs. The ease and effectiveness of our communication truly set them apart. I highly recommend Cyphere for their exceptional service and commitment to client satisfaction.
First impressions are everything - we're thrilled that ours was a hit! Thanks for choosing us.
Group 90 1 2

Excellent people to work with.

Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site.

Head of TechnicalLeading Pharmaceutical Manufacturer

Harman was great, really knowledgeable

Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business.

IT manager Housing Trust

My experience of the team was 5 star.

They were so helpful, and their technical delivery and client communication were excellent.

Director, Software Development Corporate Services Company

Extremely satisfied

Extremely satisfied with approach, speed and end results. Thanks.


COOInternational fashion label and store

What is a build review?

Build review is the process of examining a software build to ensure that it meets quality standards. The purpose of build review is to catch any errors or problems with the build before it’s released. This can help prevent issues from occurring in production and can save time and money by catching problems early on.

Build and Configuration Reviews Methodology

A secure review involves assessing the operating systems, databases, devices or network equipment. It involves configuration and analysis phase followed by reporting as per the agreed form. Unlike penetration testing that involves security review from the surface, based on the running services, build review and configuration reviews explore the specific host’s configuration for instance, mobile devices, network devices, firewall configuration or any other assets. 

Our team is committed to ensuring, that as our customer, you receive the utmost value out of our team consultancy services and look forward to developing a long-lasting business company relationship with you. Our secure configuration reviews project are aligned with the best practice in the world in each area including the following secure hardening standards:

  • Baseline standards as per the customer organization
  • CIS benchmarks with hardening standards published for most vendors
  • NIST standards
  • Or commenced as part of ISO 27001 , PCI DSS projects.
secure hardening standards 768x576 1

Why build reviews are important?

The importance of a build review can’t be overstated. By conducting a regular build review, you can ensure that your software builds are of high quality and meet your standards. This can help prevent problems from occurring in production, which can save time and money. In addition, build reviews provide an opportunity for team members to collaborate and share knowledge.

There are many different types of build reviews, and the type that is right for your team will depend on your specific needs. However, all build reviews should include a review of the following:
  • the codebase
  • the build process
  • the test suite
  • the release process
Each of these components plays an important role in the quality of your software build. Main benefits of build and configuration reviews are:
  • Knowledge of vulnerabilities
  • Shorten potential downtimes
  • Uncover potential cyberthreats
  • Reduce mistakes on future deployments
  • Ensure proper configurations
  • Improved security posture

Build and configuration review test cases

Lack of Secure Hardening Checks

Security vulnerabilities across networking, security, telecommunications & other internal equipment, OS and endpoint vulnerabilities.

OS Modules & Patch Management

Effective patch management plays critical role in closing window of opportunity for attackers, thats between the vulnerability disclosure and patch release.

Group Policy Settings & Enforcement

Group Policy allows administrators to define security policies for users and the servers within the network. These policies are administered from a central location exclusively to the Windows operating system. The policy settings generally, among other things, enforce password settings, external media access, network-level access, patching schedule and application restrictions.

The best practices based group policy would ensure a safer network for an organisation and minimise the attack window for a threat actor to gain unauthorised access.

Insecure Logging & Monitoring Controls

Logging and monitoring controls are reviewed to identify flaws in event collection, analysis and threat identification.

Disk Encryption

Full disk encryption is a cryptographic method that applies encryption to the entire hard drive including data, files and software programs. In an adverse case, if a device/server is stolen or unauthorised physical access is achieved, this could be disastrous for a company. A threat actor would gain access to sensitive information such as personably identifiable information (PII) or proprietary information stored on this device due to a lack of disk encryption.

BIOS/Boot Security

Your network devices or servers BIOS or UEFI Firmware offers the ability to set lower-level passwords. These passwords would restrict people from booting the server, booting from removable devices, and changing BIOS or UEFI settings without administrators permission.

Evolving Threats

The nature of security vulnerabilities and threats is one of constant evolution; growing in sophistication and changing in order to exploit new vulnerabilities and evade detection.

This is why you need to perform regular secure configuration reviews and security assessments to protect your network devices, device configuration, firewall configuration, security systems and mobile devices.

Authentication Controls

Authentication is a fundamental component of ensuring cyber security controls for most of the assets.
Based on our methodology and scope of the job, we perform two types of password reviews which include password policy reviews and a password cracking exercise followed by statistical analysis to find out the complexity & character patterns in use.

Third Party Patch Management

A vast majority of cyber attacks take advantage of known software and hardware vulnerabilities. Unpatched software including Operating System (OS) and third-party applications can attract malicious code to the vulnerable servers. Software patching can act as a defensive armour that repels malicious attacks and protects your organisation against multiple exploits. This finding is tested during penetration testing and build reviews.

build and configuration security review 768x1024 1

Build Reviews - Server and laptop security configuration

For windows and linux server building review, we look for rest security weaknesses at several functionalities (workstation, server, laptops) and underlying system components and architecture aspect of the host in review. Build review can help identify build issues at the configuration stage within documentation or templates and prevent future deployments suffering from repeat issues. The following areas are checked against best practices in relevant assets:
  • Operating Systems security review
  • Account Lockout Policy
  • Privilege Management
  • Audit Policy
  • User password policy
  • Patch Management
  • Logging and Monitoring
  • Secondary services and configurations
  • Insecure Service / File System Permissions
  • Network security policies
  • Network and Host firewall restrictions
  • Software Restriction and Application Control Policies
build configuration security review 768x576 1

Get a build and configuration review quote today

Contact Us Today!

Our Pentest Engagement Approach

Scoping and Customer Insight1
Read More
When you decide to give us the go-ahead, our very first step is to gain insight into your motivation, so that we can advise on your real concerns. The comprehensive process we go through to understand this determines the vision for the project. At the technical level, this includes assets to be included, their fragility and importance to the environment.
Data Collection2
Read More
In this phase, we profile the target, i.e. review build, a network, a server, or a device and perform data collection around services, configuration and related data. This is fundamental step before moving to next stage of configuration reviews.
Build and Configuration Analysis3
Read More
Our security team identifies vulnerabilities analysing the collected data in line with agreed baselines. This phase also involves tailored approach taking into account customer business context and secure architecture principles.
Reporting4
Read More
The assessment-execution phase is followed by the analysis & reporting for the performed security review. Cyphere performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, CVE, CVSS references including mitigation measures at strategic and tactical levels.
Communication & Debrief5
Read More
We take customer communication as seriously as reporting or assessment execution. We engage with customers during all stages, and ensure that customer contacts are up to date in the language they understand. Post engagement, a free debrief is conducted to help the customers understand the weaknesses and prepare a mitigation plan.
Previous
Next

RecentBlog Entries

cyphere crest and check penetration testing
Compliance and Regulations

CREST and CHECK Penetration Testing Explained – Which is Right for Your Business?

August 16, 2023 No Comments

It’s not wrong to say that CHECK and CREST are two of the most widely-used internationally recognised UK-based pen testing benchmarks, helping organisations identify vulnerabilities …

Read More →
CREST Vulnerability assessment
Compliance and Regulations

Your guide to CREST vulnerability assessments

August 16, 2023 No Comments

Vulnerability assessment exercises help organisations identify vulnerabilities in their systems before threat actors can take advantage of them and also provide risk mitigation to reduce …

Read More →
crest approved provider
Compliance and Regulations

What is a CREST-approved provider, and why choosing a CREST-certified company is important?

August 16, 2023 No Comments

Choosing the right cyber security service provider is essential for any business. But with so many providers, knowing which one to choose can be difficult. …

Read More →
Dark Shadow

One of the trusted penetration testing companies in the UK

Contact Us Today!
Dark Shadow

Pen Testing

Solutions

CBYER SECURITY Managed services

Company

Contact

Manchester
F1, Kennedy House,31 Stamford St, Altrincham WA14 1ES

London
71-75, Shelton Street,Covent Garden,London, WC2H 9JQ

Email/Call

Follow us on

Twitter Facebook Linkedin

Securing your cyber sphere

New Project (15)
New Project (14)
New Project (13)
New Project (12)
New Project (11)
New Project (10)

© 2023 CYPHERE All Rights Reserved.

Scroll to Top