The most effective method of indentifying vulnerabilities in used hardware and software is to review the configuration of the respective elements of the IT system’s network and server environment. This service usually supplements penetration tests of the network and server environment or tests of application security.

A configuration review may cover for example:

• border and internal routers,
• firewalls,
• IPS/IDS,
• switches,
• load balancers,
• server operating systems,
• utilities (e.g. a database server, an application server),
• elements of security controls (e.g. an antivirus system, a content filter),
• a back-up system.

Configuration is analysed for its compliance with common good practice rules or the Client’s internal standards. If justified, we also verify compliance with the current legislation or regulations binding in the relevant sector.
Standards with which configuration of respective components is compared are always agreed with the Client prior to the review. As a result we may be sure that the scope of the review has been defined properly and configuration assessed thoroughly.

Related services

• Network and server security testing
• Application security testing
• A design for security controls upgrade
• Periodic remote security tests

Networks and servers