Aligning your Windows server to industry-recognised security standards ensures it is security-hardened and resilient to attack.
Since the introduction of Windows Server 2008, the security of the Windows operating system has been significantly improved by Microsoft, resulting in many of the legacy operating system vulnerabilities and attack vectors being eliminated by default.
Although considerable security improvements have been made by Microsoft, it is very often the case that missing operating system patches, weak security policies and vulnerable 3rd party software can introduce vulnerabilities which increase the likelihood of the server being compromised by an attacker.
A build review of your organisations Windows servers is a ‘white-box’ assessment which provides you with a rigorous benchmark of the operating system configuration – comparing the results against industry-recognised security hardening standards.
Methodology
Using a combination of automated compliance tools and manual inspection our consultant will perform an in-depth review to assess your server’s resilience to attack.
In addition to the hardening guidance from the Center for Internet Security (CIS) and Microsoft Security Baselines, we include additional configuration checks during the build review that have been derived from our own experience of Windows environments and specific attack vectors that have been identified by our consultants during penetration tests.
Specifically, the following areas of the Windows server are covered by this review:
- Anti-Virus Protection
- Password Policy
- Account Lockout Policy
- Audit Policy
- Interactive Logon
- Network Security Settings
- User Account Control
- User Accounts
- Passwords
- Services
- File Shares
- Microsoft Operating System Patches
- Vulnerability Assessment
- Windows Firewall
- Port Scan
Prerequisites
- Wired network connection
- Local or Domain Administrator credentials
- The Remote Desktop service enabled on all hosts to be reviewed
- List of IP addresses or hostnames to be assessed
Deliverables
Engaging with SecureTeam for your Windows Build Review will provide you with the following:
In-flight Support
Reporting
Once the build review has been completed, you will be provided with the following:
Comprehensive Technical Report
Our clear & concise reporting format contains an Executive Summary that can be understood by all members of your organisation – including individuals who may be in management or non-technical roles. All vulnerabilities contain a sufficient level of technical detail, so that your development team and systems administrators can quickly pinpoint the root cause of the vulnerability and apply the recommended course of action.
Technical References
Where applicable, we provide additional reference URLs for each vulnerability, so that further information on the vulnerabilities can be obtained from reputable sources of technical information.
Risk-Based Approach with CVSS Scoring
A risk-based approach is used throughout the report and all vulnerabilities are scored in line with CVSS (Common Vulnerability Scoring System). This allows the contents of the report to be fed into your own internal risk assessments and allows a plan to be developed to address the vulnerabilities which present the highest risk to your organisation.
Secure & Encrypted Report Delivery
Due to the sensitive content which may be contained in our test reports, all test reports are delivered to our customers through a secure file delivery mechanism. All test reports are encrypted using AES-256 encryption and are secured with a strong, randomly-generated password which is delivered ‘out-of-band’ to you via SMS. The encrypted file is then delivered to you through an encrypted & expiring URL link – allowing you to download the test report securely to your workstation.
After Care
Once our consultancy engagement is complete and our final report has been delivered to you, our consultancy team remain available to you indefinitely for any questions you may have surrounding the report’s findings or our consultancy engagement with you.
We pride ourselves in partnering with our customers to provide adhoc security advice and to ensure that our engagement with you doesn’t simply end once the final report has been delivered.
We are committed to ensuring, that as our customer, you receive the utmost value out of our consultancy services and look forward to developing a long-lasting business relationship with you.
Conference Call
Once you have received our final report, you have the option of attending a conference call between the consultant(s) involved in delivering your project and individuals within your organisation who you feel would benefit from a more in-depth discussion of the report’s findings.
A conference call is suitable for both management and technical staff and provides you with the perfect opportunity to ensure that all vulnerabilities and their recommended course of action are fully understood by stakeholders and technical staff who may be tasked with applying the recommended course of action.
Find out more
If you'd like to find out more about our services or would like us to provide you with a quotation, please fill out the following form and one of our team will get in touch with you.