ProCheckUp

Contact Form

Why a Build Review is Essential

System hardening aims to configure a system securely by eliminating unnecessary functionalities. Every superfluous application, service, driver, feature, and setting can introduce potential security vulnerabilities. Once a system is fortified and integrated into an environment, it's pivotal to ensure its security robustness by regular updates and patches. Both internal and cloud build reviews help benchmark system builds against recognized standards, including CIS, ISO, SANS, or NIST.

Servers often contain sensitive information, making them prime targets for attackers. The assessment process we adopt for server build reviews can also be applied to auditing other devices. For more detailed information on network device configuration reviews, please see our 'Firewall Rule and Configuration' section.

Our Approach
To assess your server's security, we require:

An account with local administrator privileges.
A management login channel, tailored to the specific systems under review.
Using host-based audit tools, custom scripts, and manual checks, we examine your systems through the top three layers of the defense in depth model: Host, Application Layer, and Data. By employing this comprehensive approach, we ensure every aspect of your build has been meticulously assessed and fortified.

Defence in Depth: Host
Focused on the operating system and core services, this phase aims to detect vectors that might empower an attacker.
Defence in Depth: Application
This layer delves into software or services central to the server's role, from web servers to database software or even broader applications like Active Directory.
Defense in Depth: Data
The pinnacle of our review ensures that data stored remains protected and is suitable for the protection level the system offers.

Guidelines and Practices
While numerous hardening guidelines are available, we typically reference standards from NIST, CIS, software publishers like Microsoft, and CESG. Recognizing the unique needs of each organization, we also offer custom build reviews tailored to your specific business requirements.

Reporting
Upon completion, you'll receive a detailed technical report, highlighting all identified issues, recommended solutions, and an executive summary. We prioritize immediate notification of severe vulnerabilities to ensure a collaborative relationship with our clients.

Please contact us for more information on how Build Review Services can help you.

Security Audit

Application Testing

Breakout testing

Build and Configuration Reviews

Build Reviews

Cloud and Virtualisation Testing

Confirmation - request a call back

Device Testing/IOT testing

Infrastructure Testing

IoT Security Reviews

Laptop and Mobile Device Security Reviews

Mobile Application Testing

NCSC IT Health Checks

Penetration Testing

Processes

Red Teaming

Social Engineering

Vulnerability Assessment

Wireless Testing

Wireless Testing - New!

Security Risk: Understanding, Assessing, and Mitigating Threats

Architecture Security Review

Data Discovery

Internal Network Discovery

Internet Discovery

Mergers and Acquisitions

Onsite/Remote Security Manager

Open Source Intelligence Gathering

Physical Security Audit

Segmentation Testing

Virtual CISO

Training And Knowledge Transfer

Forensic First Responder (FFR)

Compliance & Advisory

CREST STAR Assessments

Cyber Essentials Plus

GDPR

ISO 27001

PCI DSS ASV Scanning

PCI Data Security Standards

PCI FAQ

PCI QSA

PECR

PSN Compliance (ITHC) Testing

Training Services

Transitioning to PCI-DSS Version 4.0:

Incident Response

Breach Impact Assessments

edisclosure / eDiscovery

Expert Witness

Forensics

Forensics Readiness Plan

Gold Teaming

Incident Response

Intrusion Analysis

Malware Reverse Engineering

Technical Services Counter Measures (TSCM)

Build Reviews

Why a Build Review is Essential

Need Help?

Our Services

Security Audit

Security Risk: Understanding, Assessing, and Mitigating Threats

Training And Knowledge Transfer

Compliance & Advisory

Incident Response

Keep up to date!

ACCREDITATIONS

Read ProCheckUp’s 'GDPR Bytes' article

BSides London conference 2016