SECURE CONFIGURATION REVIEW
An asset following secure hardening guideliness leads to significant decrease in attack surface due to proactive security approach. Let our secure configuration hardening reviews help you set a secure baseline.
What is a secure configuration review?
A secure configuration hardening review involves reviewing the underlying Operating System and related components such as firmware, removable media interfaces in line with good security practices. At times, customers request such reviews in comparison with CIS, NIST or internal guidelines. This is a white box pen test exercise performed with full knowledge of the system architecture.
A server with lack of hardening or misconfiguration issues could provide an easy route to a complete network compromise or unauthorised access to sensitive data.
A weakly configured build may not only add vulnerabilities to the network, but a root kit or a backdoor configured into the machine may go undetected for months. This review helps in identifying weaknesses in configuration that may allow unauthorised access to the underlying operating system.
Why do you need security hardening ?
A proactive security strategy defines controls in layered fashion. It is always better to embed security mindset early in the asset lifecycle. There is no cheaper, effective and better ROI than secure hardening reviews. Regular security hardening assessments ensure weak security settings, hardening issues and data protection weaknesses are identified early.
Before any new builds are rolled into the production environment, it is important to release secure builds to keep the attack surface to a minimum. Having a secure configuration review based benchmarking process in place ensures that vulnerabilities are reduced to minimum at the start of the asset lifecycle. Should your requirements mean looking around entire estate, read more about our full range of penetration testing services.
Benefits of Secure Configuration Reviews
Security experts to understand your concerns
Secure Configuration Review Methodology
A secure review involves assessing a operating systems, databases, devices or network equipment. It involves configuration and analysis phase followed by reporting as per the agreed format.
Our build and configuration reviews are aligned with the following secure hardening standards:
- Baseline standards as per the customer organisation
- CIS benchmarks with hardening standards published for most vendors
- NIST standards
- Or commenced as part of ISO 27001 , PCI DSS projects.
Generally, the following areas are considered at high-level and more test cases are added based on the exact asset and functionality.
Logging and monitoring controls are reviewed to identify flaws in event collection, analysis and threat identification.
The nature of cybersecurity threats is one of constant evolution; growing in sophistication and changing in order to exploit new vulnerabilities and evade detection. This is why you need to perform regular security assessments to protect your network, cloud configurations, security systems and devices.
Operating System Build Reviews
For windows and linux server build reviews, we look at the several areas of Operating systems including functionality (workstation, server, laptops) and architecture aspect of the host in review:
- Operating System security
- Account Lockout Policy
- Privilege Management
- Audit Policy
- User password policy
- Patch Management
- Logging and Monitoring
- Secondary services and configurations
- Insecure Service / File System Permissions
- Network security policies
- Network and Host firewall restrictions
- Software Restriction and Application Control Policies
Get a secure configuration hardening review quote today
Our engagement approach to secure configuration hardening reviews
Recent Blog Entries
Read about penetration testing methodologies and their usage, frameworks and pen testing tools. Discover how different types of tests impact efficiency.
Learn how to perform a cyber security risk assessment with step by step approach. It includes important aspects such as risk management and data audit.
Understand what is HIDS, how is it different from NIDS and advantages and disadvantages. Learn about the attack vectors identified by each of the technologies.
Read around the main cloud security risks, improving security in SaaS applications. Find our Saas security checklist to protect against the cyber attacks.
Read about how penetration testing report can affect your investments, helps to validate your controls and security strategy. Read more for tips and samples.
Learn what is PCI Compliance, it’s functional goals and 12 requirements. How to maintain compliance and ensure customer data security. Discover more.
Read about penetration testing vs vulnerability scanning and confusions around terminology. This article explores differences, decision factors and the right choice at various stages of a business.
What to do in case of a data protection breach for GDPR compliance, How long you have and How and What to report – everything you want to know. Discover more.