Technologies and operating system Hardening

Technologies and operating system Hardening

Verification of the security status of the technological infrastructure by means of hardening techniques

Objectives

A hardening review provides the client a detailed report compiling the recommended security settings for each of the services available in the asset, as well as a list of the vulnerabilities to which it is exposed

Benefits

  • All installed technologies are analyzed, not just those that could be discovered with an external black box approach, providing a deeper level of inspection.
  • Potential paths of information discovery and elevation of privileges are exploited, providing a true snapshot of the exposure status of the assessed equipment.
  • Provides detailed information to the team responsible for the asset about why and how to implement the appropriate security enhancements and protections.
  • Our hardening services allow you to fine-tune the configuration of a model that will later be deployed on a larger number of the company's equipment.

General description

In hardening reviews, whether on servers or user workstations, our cybersecurity team starts with local access to the asset being assessed. In some cases, for a more realistic approach, the review is performed with physical access to the equipment.

In the event that the credentials provided by the client do not have administrator permissions, the exercise becomes a privilege escalation to try to turn the review approach into a white box review.

Once the level of privileges available for the review has been confirmed, the operating system configurations and its services are checked thoroughly. This review aims to identify all weaknesses and possible improvements in each system service.