As part of an effort to identify and rectify flaws in an organisation's processes that could be contributing to security problems, it is often necessary to carry out desktop and server build reviews. These are based around assessments of system security; registry security and permissions; along with assessment of running services and user account configuration.
We would usually begin by logging onto the system as an standard user, then attempting privilege escalation to carry out unauthorised tasks and find out how easy it is to access key parts of the operating system. The aim is to make sure that users can only access those parts of the system to which they have legitimate access, and to check that only those functions which the server actually needs to be running to do its job are in operation, in accordance with the principle of least functionality.
Our build review service illustrates our commitment to helping clients achieve a holistic view of all the factors that could contribute to security issues, and to identifying business risks and recommending ways in which those risks can be reduced.