Security audit
Configuration Review
Security check of the active configuration of an IT component or larger IT environment according to manufacturer specifications and CIS benchmarks with proven hardening recommendations.
Scope of the pentest
In this penetration test, we examine the active configuration of one of your IT components. These include, for example:
Operating systems
Windows 10/11, Windows Server, Ubuntu Linux, Fedora Linux, Redhat Enterprise Linux, and many more.
Web server, reverse proxy or load balancer
Nginx, Apache, Traefik, Caddy, HAProxy, F5 Big IP and many more
Databases
MSSQL, MySQL, Mariadb, Postgresql, Oracle, Redis and many more
Cloud environments
MS O365, MS SharePoint, MS Azure, Amazon AWS, Google GCP, Docker, Kubernetes, and much more.
Firewalls, routers, switches
Cisco, Fortinet, Palo Alto Networks, Check Point, Sophos, WatchGuard, Jupiter and many more
Identity Providers (IdP)
Keycloak, Authentik, Okta, Auth0, Azure AD, Shibboleth and many more
In most configuration reviews, we find that test objects are insufficiently hardened.
Many test objects are not configured for safety in their standard configuration. ¹
Configuration Review
Our approach
The secure configuration and hardening of operating systems, application servers and databases is an important basis for protection against attacks.
In this security analysis, we examine one of your IT infrastructure components for proven hardening measures. We generally use recommendations from manufacturers and benchmarks from the Center for Internet Security (CIS).
In the first step, we work with you to extract the relevant configurations of the test object. We then carry out an analysis of the active configuration and compare it with recognized recommendations. As a result of the analysis, you will receive a final report with detailed hardening measures for all findings identified by us.
The aim of the configuration review is to optimize and harden your IT system or environment in order to minimize the risk of successful attacks.
A configuration review is considered an extended hardening measure and provides detailed information on the current configuration of an IT component.
Sources
1 - Own statistics from our client assessments