What is it?
A Server Build Review is a comprehensive review of a server’s build and configuration. The review is carried out from an authenticated perspective and will highlight any configuration weaknesses that could be exploited by a malicious user to escalate their privilege level and access the server to compromise other devices in your network or domain.
What configuration is reviewed?
The Server Build Review will look at the server’s entire configuration and identify weaknesses in its build that could affect the integrity of the server. The review will follow a defence in depth approach and identify any host weaknesses or software components that could be exploited to escalate privilege level and use the initial compromise to target other domains or networks.
Vulnerabilities will be identified in, but not limited to, the following areas:
- Software installation and configuration
- Patches and patch management policies
- Service configuration and permissions
- Password policy and password management
- System logs and auditing
- Privileged system configuration access control
- Any configuration weakness that could be exploited to access another client or server in the network or domain
What is the output from this assessment?
A full technical report will include the following:
- Executive Summary – explanation of the vulnerabilities encountered, the risk they pose to your organisation, whether the objective was completed and recommendations of any remedial action that should be taken
- Summary of Findings – a table of all vulnerabilities noted during the assessment, the vulnerability title, its risk rating, and the vulnerability’s current state
- Detailed Findings:
  - The vulnerability’s risk rating
  - The system, URL or process that contains the vulnerability
  - How the vulnerability was exploited
  - The risk posed to the organisation
  - Full technical details of how to replicate the vulnerability
  - Remediation advice
- Appendices – vulnerability output that was noted in the engagement
When evaluating the overall risk rating for each vulnerability, the following factors will be considered:
- Impact – the impact that exploitation of this vulnerability will have on the business or organisation
- Risk – the risk posed to the organisation if this vulnerability was exploited
- Likelihood – the likelihood that this vulnerability could be exploited
Each vulnerability will have a remediation recommendation, which will include either:
- Official fix, such as a firmware upgrade for hardware, or a patch for a publicly disclosed vulnerability
- A workaround, when there is no official fix
- Process improvement, when exploitation of the vulnerability is caused by a business process
What standards are met in this review?
The Server Build Review methodology is built from industry recognised standards including:
- Center for Internet Security (CIS) Benchmarks
- Payment Card Industry Data Security Standard (PCI DSS)
- DISA Security Technical Information Guides (STIG)
- National Institute of Standards and Technology (NIST) recommendations
The methodology also benefits from our team’s cyber security experience in Penetration Testing and research into the Techniques, Tools and Tactics (TTP) used by real-world attackers. This ensures that any configuration weaknesses that could aid an attacker are identified, appropriately risk rated, and configuration changes to remediate the risk are given.