Build Reviews

Why a Build Review is Essential

System hardening aims to configure a system securely by eliminating unnecessary functionalities. Every superfluous application, service, driver, feature, and setting can introduce potential security vulnerabilities. Once a system is fortified and integrated into an environment, it's pivotal to ensure its security robustness by regular updates and patches. Both internal and cloud build reviews help benchmark system builds against recognized standards, including CIS, ISO, SANS, or NIST.

Image

Servers often contain sensitive information, making them prime targets for attackers. The assessment process we adopt for server build reviews can also be applied to auditing other devices. For more detailed information on network device configuration reviews, please see our 'Firewall Rule and Configuration' section.

Our Approach
To assess your server's security, we require:

An account with local administrator privileges.
A management login channel, tailored to the specific systems under review.
Using host-based audit tools, custom scripts, and manual checks, we examine your systems through the top three layers of the defense in depth model: Host, Application Layer, and Data. By employing this comprehensive approach, we ensure every aspect of your build has been meticulously assessed and fortified.

  • Defence in Depth: Host
    Focused on the operating system and core services, this phase aims to detect vectors that might empower an attacker.
  • Defence in Depth: Application
    This layer delves into software or services central to the server's role, from web servers to database software or even broader applications like Active Directory.
  • Defense in Depth: Data
    The pinnacle of our review ensures that data stored remains protected and is suitable for the protection level the system offers.

Guidelines and Practices
While numerous hardening guidelines are available, we typically reference standards from NIST, CIS, software publishers like Microsoft, and CESG. Recognizing the unique needs of each organization, we also offer custom build reviews tailored to your specific business requirements.

Reporting
Upon completion, you'll receive a detailed technical report, highlighting all identified issues, recommended solutions, and an executive summary. We prioritize immediate notification of severe vulnerabilities to ensure a collaborative relationship with our clients.

Need Help?

If you have any questions about cyber security or would like a free consultation, don't hesitate to give us a call!

Our Services

Keep up to date!

Subscribe to our newsletter. Keep up to date with cyber security.


FOR MORE INFORMATION PLEASE CONTACT US

Smiling Person

ACCREDITATIONS