Selcouth Cyber Security Services Private Limited

Configuration Audit – Part one

Audit + Compliance + InfoSec | Skrutin1 | January 27, 2021

Background

Apart from general penetration tests, timely vulnerability management and hardened network access controls, another way to protect your devices and bring them into compliance with industry standards is a configuration audit. In this blog post we cover what exactly a configuration audit is, why it is important, how to approach one, and the common best practices for well-known controls.

Introduction

Configuration audit is one of the best practices we follow in the security domain to secure an environment against internal and external threats.

It is an important part of the deployment cycle, in which we apply industry security standards such as ISO 27000 or the CIS Benchmarks to secure the environment as well as possible. A configuration audit is further divided into parts depending on the operating system, build and version of the device or devices deployed in the given environment.

Configuration audits are mainly performed on Windows and Linux servers, network devices such as routers, switches and firewalls, web servers such as IIS and Apache, and different kinds of databases.

Why Configuration Audit is important

It is a method of determining the current security state of the systems deployed in an environment, measured against well-known industry standards. The assessment brings to light misconfigurations, such as insecure or default settings, that may lead to system compromise. Mitigating such misconfigurations also lets you achieve compliance with those standards.

How to Approach a Configuration Audit

This is a simple process divided into four parts:

  1. Collection of data: In this phase we collect the configuration of each system, either with automated tools and scripts or manually, as the client's requirements and environmental restrictions allow.
  2. Analysis: This is the most important part of the configuration audit. We analyse the collected data and look for gaps in the settings that were introduced during deployment and are insecure according to industry standards.
  3. Sample report: This is also called the draft report. Here we discuss the observations with the client's administration team to understand why these settings were missed in the initial stage. This is the second most important phase, because every client follows different standards and has limitations imposed by business requirements or environmental restrictions, which may explain the gaps; it is important for us to understand them before going ahead.
  4. Final report: After discussing and understanding the situation, a final report is submitted, consisting of the final set of findings, their risk ratings and their mitigations. The client should resolve all reported issues to protect themselves from attack or data leakage and to achieve any applicable compliance certification.

This is a continuous and repetitive process to achieve and maintain high compliance standards.

Common Best Practices

The following best practices are so common and so general that they apply to almost everything, whether an operating system on a computer, a network device, or newer technologies such as cloud platforms, microservices and APIs.

  • Password and account policies: These policies help us manage and maintain password strength and complexity as well as account lockout. They are the first line of defence against unauthorized access to any device.
  • User access control: This is the single most important configuration setting on any device, as it lets us grant appropriate access to authorized users and restrict unwanted users from performing any malicious activity.
  • Running services and applications: Many services or applications will be running on a device, some of which may be vulnerable to attack and lead to compromise of the system. Under this policy we check for and stop all unwanted services or applications that could enable such attacks.
  • Logging and auditing: As a best practice it is important to log all failures and errors. This helps to identify irregularities and anomalies in the event of attempted attacks. For example, logging both Windows failure and success logon events means that a successful brute-force attempt can be identified: you would see multiple failures followed by a success for a single user account that attempted to log on many times.
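The brute-force pattern described in the logging and auditing bullet, turned into detection logic. This is an added example, not code from Selcouth or from the original post; it assumes a simple CSV-style export of the Windows Security log (constructed sample lines below) and uses the standard Windows event IDs 4625 (failed logon) and 4624 (successful logon).

```python
# Added example (not Selcouth's code): flag accounts whose successful logon
# follows a burst of failures, the pattern the post describes. Event IDs
# 4625 (failed logon) and 4624 (successful logon) are the standard Windows
# Security log IDs; the CSV-style export lines below are constructed.
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample export: timestamp,event_id,account,source_ip
SAMPLE_LOG = """\
2021-01-27T09:00:01,4625,jsmith,10.0.0.15
2021-01-27T09:00:03,4625,jsmith,10.0.0.15
2021-01-27T09:00:05,4625,jsmith,10.0.0.15
2021-01-27T09:00:07,4625,jsmith,10.0.0.15
2021-01-27T09:00:09,4625,jsmith,10.0.0.15
2021-01-27T09:00:11,4624,jsmith,10.0.0.15
2021-01-27T09:05:00,4625,adminb,10.0.0.20
2021-01-27T10:30:00,4624,adminb,10.0.0.20
"""
FAILED, SUCCESS = "4625", "4624"


def parse(log_text):
    """Return (timestamp, event_id, account, ip) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, eid, account, ip = line.split(",")
            events.append((datetime.fromisoformat(ts), eid, account, ip))
    return sorted(events)


def find_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Map account -> failure count for every success preceded by at least
    `threshold` failures within `window`. This only works when both failure
    and success events are audited, which is the point of the post."""
    failures = defaultdict(list)
    hits = {}
    for ts, eid, account, _ip in parse(log_text):
        if eid == FAILED:
            failures[account].append(ts)
        elif eid == SUCCESS:
            recent = [t for t in failures[account] if ts - t <= window]
            if len(recent) >= threshold:
                hits[account] = len(recent)
            failures[account] = []  # a success closes the window
    return hits


if __name__ == "__main__":
    print(find_brute_force(SAMPLE_LOG))  # {'jsmith': 5}
```

If only failures were logged (no 4624 events), the function would return nothing, which is exactly why the post recommends auditing both outcomes.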

At Selcouth, we believe that achieving cyber security is a continuous journey in which we partner with our clients to address the ever-changing threat landscape. To address such threats, get in touch with us! You can also view our full range of service offerings and trainings.

Written by: Skrutin1
