Any server, network device or middleware in an IT infrastructure can be the root cause of a security incident. System hardening is an activity to proactively close vulnerabilities related to administration, authorization, accounting, networking and patching in a system. With a hardened system, organizations can substantially reduce application-level and network-level attacks, whether launched by a remote attacker or by a local one.

Server/OS Configuration Audit

Indicative areas for Server/OS Configuration audit include:

  • Operating system vulnerability identification
  • Registry settings, including registry security permissions
  • Server applications running RADIUS, LDAP and SMTP
  • Account Policies implementation
  • Access Control List on all resources
  • Technology controls, like system configuration, password management, maintenance and operations
  • Configuration settings as per business requirement and rules
  • Adequate user identification and authentication
  • Logging and audit trails for critical functions

Configuration Audit of Networking & Security Devices

Indicative areas include:

  • Vulnerability scan using open-source and proprietary tools including
    • Attacks probing ICMP, UDP and TCP services
    • Detect backdoors in use, if any
    • In-depth web security inspection – CGI and misconfiguration checks
    • DNS Spoofing
    • ISDN Lines
    • Ethernet switch spoofing
  • Assess routers at the network perimeter for:
    • Password strength
    • Administrative access
    • Protection against denial-of-service attacks
    • Secure logging mechanisms
  • Assess network security devices including firewalls, IDS, Antivirus Gateway for
    • Authentication mechanisms
    • Administrative access
    • Configuration weaknesses
    • Secure rulebase and filters design
    • Strength of security devices like firewall against known vulnerabilities
  • Advanced testing techniques to include:
    • Current remote exploits from the hacking underground that are too new to be included in the automated scanning tools
    • Authentication system subversion auditing using high-risk dictionaries and optionally the custom bruteforce dictionary. Services tested may include NetBIOS, Telnet, FTP, RSH, REXEC, RLOGIN, pop3, HTTP, IMAP, SSH and optionally LDAP, SQL, Oracle, and other databases.
    • Firewall subversion techniques including source porting, source routing, spoofing, DNS alteration, FTP bouncing, fragmentation, and other extreme network techniques.
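The rulebase and filter-design items above (secure rulebase design, configuration weaknesses, secure logging) are the kind of checks a configuration audit can run mechanically over an exported rulebase. The script below is an added example written for this page, not tooling from the original; the five-rule rulebase is constructed, and the checks (permit-any-any rules, deny rules that do not log, rules shadowed by an earlier broader rule, and a missing final logged cleanup deny) are one reasonable baseline, not the only one.

```python
"""Firewall rulebase review: shadowing, permit-any-any, unlogged denies, cleanup rule.

Added example for this page; the rulebase below is constructed, not exported from a device.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # IPv4 CIDR or "any"
    dst: str      # IPv4 CIDR or "any"
    proto: str    # "tcp", "udp", "icmp" or "any"
    port: str     # destination port number or "any"
    log: bool


def _net(cidr: str):
    # "any" is treated as the whole IPv4 space
    return ip_network("0.0.0.0/0") if cidr == "any" else ip_network(cidr)


def covers(a: Rule, b: Rule) -> bool:
    """True when rule a matches every packet that rule b would match."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.proto in ("any", b.proto)
            and a.port in ("any", b.port))


# Matches everything; used to test whether the last rule is a true cleanup deny.
MATCH_ALL = Rule("match-all", "deny", "any", "any", "any", "any", True)


def audit_rulebase(rules):
    """Return (rule name, finding) pairs for the weaknesses this audit looks for."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and covers(r, MATCH_ALL):
            findings.append((r.name, "permit-any-any rule"))
        if r.action == "deny" and not r.log:
            findings.append((r.name, "deny rule without logging"))
        # A rule is shadowed (never hit) if an earlier rule already matches all of its traffic.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append((r.name, f"shadowed by earlier rule {earlier.name}"))
                break
    if not rules or rules[-1].action != "deny" or not rules[-1].log or not covers(rules[-1], MATCH_ALL):
        findings.append(("rulebase", "no explicit logged deny-all cleanup rule at the end"))
    return findings


# Constructed sample rulebase (processed top to bottom, first match wins).
RULES = [
    Rule("SSH-ADMIN", "allow", "10.0.0.0/8", "10.1.2.0/24", "tcp", "22", True),
    Rule("WEB-PUBLIC", "allow", "any", "10.1.2.10/32", "tcp", "443", False),
    Rule("SSH-OPS", "allow", "10.0.5.0/24", "10.1.2.5/32", "tcp", "22", True),   # shadowed by SSH-ADMIN
    Rule("ANY-ANY", "allow", "any", "any", "any", "any", False),               # permit-any-any
    Rule("CLEANUP", "deny", "any", "any", "any", "any", True),                 # never reached
]

if __name__ == "__main__":
    for name, finding in audit_rulebase(RULES):
        print(f"{name}: {finding}")
```

The shadowing test is deliberately conservative: it only reports a rule as dead when a single earlier rule matches all of its traffic. A rule that is only partly masked by several earlier rules is still reachable and is not flagged.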

Database Configuration Audit

Indicative areas include:

  • For database access, are the OS-level file and directory permissions restricted as required for the application?
  • Are users denied access to the database other than through the application?
  • Is the use of triggers and large queries monitored to prevent overloading of the database and consequent system failure?
  • Are direct query/access to the database restricted to the concerned database administrators?
  • Are there controls on sessions per user, number of concurrent users, etc.?
  • Is the creation of users restricted and need-based? Are the rights granted to various users reasonable and based on requirement?
  • Is the database configured to ensure audit trails, logging of user sessions and session auditing?
  • Are there checks for referential integrity and accuracy of the database? For example, where there is an automated interface between systems, is there reconciliation between the source and receiving system for critical information?
  • Are there entries made directly to the back end databases? If they are made under exceptional circumstances, is there a system of written authorization?
  • Does the design or schema of all tables or files in the database contain fields for recording markers, checkers and time stamp?
  • Is there a separate area earmarked for temporary queries created by power users or database administrators based on specific user request?
  • Does the administrator maintain a list of batch jobs executed on each database, severity of access of each batch job and timing of execution?
  • Are batch error logs reviewed and corrective action taken by the database administrator periodically?
  • In cases where data is migrated from one system to another, has the user department verified the accuracy of the migrated information and confirmed that it is satisfied with it?
  • Does the system administrator periodically review the list of users to the database? Is the review documented?
  • Are inactive users deactivated?
  • Is there a backup schedule?
  • Are databases periodically restored from backup in the test environment and their accuracy verified?
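Several items in the Server/OS Configuration Audit list above (account policies, access control lists, user identification and authentication, logging and audit trails) and in this database checklist (OS-level permissions on database files, direct access limited to DBAs, session limits, audit trails, deactivation of inactive users) can be evaluated automatically against a configuration snapshot an auditor collects from the host. The Python below is an added example written for this page, not material from the original; the OS_SNAPSHOT and DB_SNAPSHOT dictionaries, the BASELINE thresholds, the 90-day inactivity window and the AS_OF audit date are all constructed assumptions.

```python
"""Server/OS and database configuration audit over a collected snapshot.

Added example for this page. The snapshots and thresholds are constructed, not taken
from a real host; in practice the snapshot would be built from the host's own
password-policy, account, file-permission and database-privilege data.
"""
from datetime import date, timedelta

AS_OF = date(2024, 6, 1)                 # constructed audit date
INACTIVE_AFTER = timedelta(days=90)      # constructed inactivity window
BASELINE = {"min_length": 12, "max_age_days": 90, "lockout_threshold": 5}  # constructed baseline

# Constructed OS snapshot: password policy, accounts, sensitive paths, system audit logging.
OS_SNAPSHOT = {
    "password_policy": {"min_length": 6, "max_age_days": 365, "lockout_threshold": 0},
    "accounts": [
        {"name": "root", "uid": 0, "password_hash": "$6$constructed$hash", "last_login": "2024-05-01"},
        {"name": "backup", "uid": 0, "password_hash": "$6$constructed$hash", "last_login": "2024-05-30"},
        {"name": "svc_legacy", "uid": 1003, "password_hash": "", "last_login": "2024-05-28"},
        {"name": "alice", "uid": 1001, "password_hash": "$6$constructed$hash", "last_login": "2023-11-20"},
    ],
    "files": [
        {"path": "/var/lib/db/data", "mode": 0o777, "owner": "dbadmin"},
        {"path": "/etc/app/config.yml", "mode": 0o640, "owner": "app"},
    ],
    "audit_logging_enabled": False,
}

# Constructed database snapshot: audit trail, session limits, who may log in directly.
DB_SNAPSHOT = {
    "audit_trail_enabled": False,
    "session_limit_per_user": None,
    "grants": [
        {"user": "app", "role": "application", "direct_login": True},
        {"user": "dbadmin", "role": "dba", "direct_login": True},
        {"user": "analyst1", "role": "reporting", "direct_login": True},
    ],
}


def audit_os(snapshot, as_of=AS_OF):
    """Return (area, detail) findings for the OS-level checks."""
    findings = []
    pol = snapshot["password_policy"]
    if pol["min_length"] < BASELINE["min_length"]:
        findings.append(("password-policy", f"minimum length {pol['min_length']} below {BASELINE['min_length']}"))
    if pol["max_age_days"] > BASELINE["max_age_days"]:
        findings.append(("password-policy", f"maximum age {pol['max_age_days']} days exceeds {BASELINE['max_age_days']}"))
    if pol["lockout_threshold"] == 0 or pol["lockout_threshold"] > BASELINE["lockout_threshold"]:
        findings.append(("password-policy", "no effective account lockout threshold"))
    for acct in snapshot["accounts"]:
        if acct["uid"] == 0 and acct["name"] != "root":
            findings.append(("accounts", f"{acct['name']} has UID 0"))
        if not acct["password_hash"]:
            findings.append(("accounts", f"{acct['name']} has an empty password"))
        last = date.fromisoformat(acct["last_login"])
        if as_of - last > INACTIVE_AFTER:
            findings.append(("accounts", f"{acct['name']} inactive since {last.isoformat()}"))
    for f in snapshot["files"]:
        if f["mode"] & 0o002:   # world-writable bit set
            findings.append(("permissions", f"{f['path']} is world-writable ({oct(f['mode'])})"))
    if not snapshot["audit_logging_enabled"]:
        findings.append(("logging", "system audit logging disabled"))
    return findings


def audit_db(snapshot):
    """Return (area, detail) findings for the database checks."""
    findings = []
    if not snapshot["audit_trail_enabled"]:
        findings.append(("db-logging", "audit trail and session logging disabled"))
    if snapshot["session_limit_per_user"] is None:
        findings.append(("db-sessions", "no per-user session limit configured"))
    for g in snapshot["grants"]:
        # Only the application identity and DBAs should reach the database directly.
        if g["direct_login"] and g["role"] not in ("dba", "application"):
            findings.append(("db-access", f"{g['user']} ({g['role']}) can query the database directly"))
    return findings


def audit_all(os_snapshot=OS_SNAPSHOT, db_snapshot=DB_SNAPSHOT):
    return audit_os(os_snapshot) + audit_db(db_snapshot)


if __name__ == "__main__":
    for area, detail in audit_all():
        print(f"[{area}] {detail}")
```

Each finding maps back to one checklist item, which is what makes a report like this useful in an audit: the reviewer can trace every line to the control it tests and the threshold that was applied.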
