Build Reviews

Why Build Reviews Are Essential

Ensuring the integrity and security of system builds is paramount. System hardening, a critical first step, involves configuring systems securely by removing unnecessary functionalities that might introduce security vulnerabilities. However, the journey towards a secure system doesn't end with system hardening. Regular updates, patches, and thorough build reviews are essential to maintain and enhance the system's security posture over time.

Build reviews, both for internal and cloud-based systems, are vital for benchmarking system builds against recognised cyber-security standards such as CIS (Center for Internet Security), ISO (International Organization for Standardization), SANS Institute, or NIST (National Institute of Standards and Technology). These reviews are not just about ticking boxes; they are about understanding how secure a system is in a real-world context and identifying potential vulnerabilities, with the goal of forestalling future attacks by addressing and remedying the identified weaknesses.

Servers often contain sensitive information, making them prime targets for attackers. The assessment process we adopt for server build reviews can also be applied to auditing other devices. For more detailed information on network device configuration reviews, please see our 'Firewall Rule and Configuration' section.

Our Approach

Our methodology for conducting build reviews is both thorough and adaptable, designed to meet the unique needs of each organization.

To begin assessing your server's security, we require:

  • An account with local administrator privileges.
  • A management login channel, specifically tailored to the systems under review.

Utilising a combination of host-based audit tools, custom scripts, and manual checks, we dive deep into the top three layers of the defence in depth model: Host, Application Layer, and Data. This multi-layered approach ensures that we leave no stone unturned, from the operating system and core services to the applications and data that are crucial to your business operations.

Defence in Depth - Multilayered Security

  • Defence in Depth: Host
    The first layer of our review focuses on the operating system and core services. Here, we aim to uncover any potential vectors that could be exploited by attackers to gain unauthorised access or control over your systems.
  • Defence in Depth: Application
    Moving up to the application layer, we scrutinize the software and services that are integral to the server's role. This includes everything from web servers and database software to critical applications like Active Directory, assessing them for vulnerabilities that could compromise your security.
  • Defence in Depth: Data
    At the pinnacle of our review process, we ensure that the data stored on your systems is adequately protected, aligning with the level of protection the system claims to offer. This stage is crucial for safeguarding sensitive information from unauthorized access or breaches.

Tailored Build Reviews

While we draw on a variety of hardening guidelines and standards, including those from NIST, CIS, software publishers like Microsoft, and CESG, we understand that each organisation has unique security needs. Therefore, we also offer customized build reviews, tailored specifically to your business requirements and security objectives.

Detailed Reporting

Upon completing our review, you will receive a comprehensive technical report that details all identified issues, recommended solutions, and an executive summary for easy understanding. We prioritize the immediate notification of any severe vulnerabilities discovered during our review, ensuring a collaborative and proactive approach to securing your systems.

In conclusion, build reviews are an indispensable component of a robust cyber-security strategy, providing the insights and actions needed to protect your systems and data effectively. By partnering with us for your build review needs, you can rest assured that your cyber-security posture is not just compliant, but truly secure.
