Build & Configuration Reviews

What is a Build & Configuration Review?

A Build & Configuration Review is a comprehensive assessment of individual devices. Using an authenticated approach to identify vulnerabilities, insecure configuration settings, access to sensitive content and other issues which could lead to data disclosure or device compromise.

Why Conduct A Build & Configuration Review?

With the exponential growth of identified vulnerabilities and security breaches, it is no longer recommended to only review a devices perimeter security. In the event of a compromise or security breach it is important to understand the risks that your organisation faces and the security of your company’s data.

A build review can review the entire configuration of a device to ensure that they are protected from a range of common vulnerabilities, adhere to a number of best practice recommendations.

Types of Build & Configuration Review

Build & Configuration reviews can be conducted against a number of devices. Several types of Reviews exist to focus on each of these areas in detail and although more focused tests exist, the high-level categories are summarised as follows:

A review of a standard user workstation aims to search for vulnerabilities and data which can be exploited by a unauthenticated or low privileged user account. Workstations can be the target of a number of attacks which aim to exploit the device or the user and form an important part of any organisation’s security.
These assessments often have a goal of privilege escalation on the device and an organisations network.
Server Build Reviews aim to assess the security of devices providing critical business functionality and help to ensure the data and functionality they provide is protected.
Servers can be intended for public or private access and can therefore be targeted by a range of potential attacks. Ensuring their secure configuration is integral for any organisation.
Mobile Device Management (MDM) systems, provide a configuration policy to your company’s mobile devices. Mobile devices can contain company emails, sensitive documents, login information and other data.
A mobile device compromise of theft can have the same impact as any standard workstation and ensuring a secure configuration for each device has been implemented is an important security consideration for any organisation.
A Firewall will often act as the gatekeeper for any organisation’s devices and services. The access control rules which are configured can determine what is accessible, both publicly and privately.
The secure configuration of these devices is important part in ensuring both your network and devices are safeguarded.

Ready to secure your business?