Host Hardening Review
Our team can perform configuration and deployment reviews on a wide range of operating systems and devices, to ensure they are configured and deployed in line with industry best standards. This ensures that systems are running with the smallest attack footprint possible, are fully patched and configured in the most secure manner.
Base Operating System
If a vulnerability exists in a higher level application, such as a web application, the level of security applied to the base operating system can be the difference between a minor or major system compromise. Once access is gained to an internal host, the hardening standards applied to other servers on the network is paramount to preventing a full network compromise.
- Checking operating system patch level and patch management process
- Confirming requirements for process running under privileged accounts
- Minimising network available services to project a smaller footprint
- Review of user accounts, access levels, and password strength
Application servers, such as web servers, are typically accessible to unauthorised users and as such act as a gateway between an untrusted network and an internal network. Vulnerabilities caused during the configuration and deployment phases can be leveraged to aid in other attacks, and in some cases exploited by themselves to gain arbitrary access.
- Checking application configuration
- Checking application path for unnecessary binaries and other files
- Confirming requirements for application functionality that can be disabled
- Reviewing application error, restart and logging functionality
Database servers store one of the most critical assets: Your information. Not only do database servers need to be configured securely at the application level, but also within the database itself. A database review offers you confidence that sensitive data is indeed safe.
- Checking encryption requirements of stored data
- Reviewing data segregation requirements and confirming these are in place
- Reviewing database user accounts, access levels, and password strength
- Reviewing database stored procedures, backup scripts, and externally-called binaries
Full service descriptions, methodologies and sample reports are available upon request